PROOF-TERM SYNTHESIS ON DEPENDENT-TYPE SYSTEMS VIA EXPLICIT SUBSTITUTIONS

CÉSAR MUÑOZ*

Abstract. Typed λ-terms are used as a compact and linear representation of proofs in intuitionistic logic. This is possible since the Curry-Howard isomorphism relates proof trees with typed λ-terms. The proofs-as-terms principle can be used to check a proof by type checking the λ-term extracted from the complete proof tree. However, proof trees and typed λ-terms are built differently. Usually, an auxiliary representation of unfinished proofs is needed, and type checking is possible only on complete proofs. In this paper we present a proof synthesis method for dependent-type systems where typed open terms are built incrementally at the same time as proofs are done. This way, every construction step, not just the last one, may be type checked. The method is based on a suitable calculus where substitutions as well as meta-variables are first-class objects.

Key words. proof synthesis, higher-order unification, explicit substitutions, dependent types, lambda-calculus

Subject classification. Computer Science

1. Introduction. Thanks to the proofs-as-terms paradigm, a method of proof synthesis consists in finding a term of a given type. Since the set of λ-terms is enumerable, a complete method for proof synthesis in a framework where type checking is decidable consists in enumerating and type checking all the terms. Of course, this method is impractical for implementations. A smart enumeration of terms must take typing information and properties of the λ-calculus into account. In [38], Zaionc presents an algorithm for proof construction in the propositional intuitionistic and classical logics via the simply-typed λ-calculus, and Dowek shows in [12, 13] a complete term enumeration algorithm for the type systems of Barendregt's cube.

Although the Curry-Howard isomorphism relates proofs with terms, proof construction and term synthesis do not necessarily go in the same direction. A natural deduction proof, for example, is driven by a bottom-up procedure, while term synthesis procedures go in a top-down manner. For instance, to prove a proposition B by Modus Ponens, we assume A → B and A as hypotheses, and then we continue recursively trying to prove these two propositions. Eventually, we will get to the axioms and the proof is finished. In contrast, to synthesize a term of type B, we start with the axioms to set up the variables, and then go down to the conclusion where the final term has the form (M N) with M a term of type A → B and N a term of type A.

These two different construction mechanisms, bottom-up proof construction and top-down term synthesis, coexist in some theorem provers based on the proofs-as-terms paradigm. For example, in the proof assistant system Coq [3], proofs under construction, also called incomplete proofs, are represented as proof-trees. When the proof is done, a λ-term, that is, a complete proof-term, is synthesized. The soundness of the system relies on the type checker, which is a very small piece of code. However, if something goes wrong with the proof-tree construction, for example because a procedure manipulating a proof-tree is bugged, the problem is detected only when the type checking of the complete proof-term takes place, that is, at the very last step of the proof-term synthesis.

A uniform representation of complete and incomplete proofs allows one to identify the proof construction and term synthesis mechanisms. Furthermore, if such a representation supports an effective type-checking procedure, type inconsistencies can be detected during the whole process of the proof-term construction. In [28], Magnusson proposes an extension to the λ-calculus with place-holders and explicit substitutions to represent incomplete proofs. Her ideas were implemented in the theorem prover Alf [2], but a complete meta-theoretical study of the system and its properties is missing.

A term with place-holders is called an open term. Since several place-holders can appear in an open term, it is convenient to name them. In the λ-calculus with de Bruijn indices, named place-holders are just variables of the free algebra of terms. In order to distinguish place-holders from variables of the λ-calculus, the former are called meta-variables. As a convention in this paper, meta-variables are written with the last uppercase letters of the alphabet: X, Y, ...

The open term λx:A.Y can be seen as a proof-term of A → B provided that there exists a term of type B in the right context to replace Y. By using this replacement mechanism, also called instantiation, an incomplete proof becomes a complete one. In contrast to substitution of variables in the λ-calculus, instantiation of meta-variables is a first-order substitution that does not care about capture of variables. In the previous example the instantiation of Y with x results in the term λx:A.x, while the substitution of x for Y in λx:A.Y results in λz:A.x. Notice that unless A and B represent the same type, the resulting terms in both cases may be ill-typed.

As pointed out in [28, 15], open terms in the λ-calculus reveal new challenges. Assume, for example, that an open term is involved in a β-redex. The β-rule can create substitutions applied to meta-variables that cannot be carried out while the meta-variables are not instantiated. In this case, a notation for suspended substitutions should be provided. Since the λσ-calculus of explicit substitutions was introduced in [1], several other variants of explicit substitution calculi have been proposed; among others [1, 36, 26, 23, 6, 27, 11, 24, 30, 18, 32]. The study of explicit substitution calculi turned out to be more complicated than that of the λ-calculus. For some of the explicit substitution calculi, questions about confluence, normalization and type checking are still open.

In [31, 33], we propose a variant of λσ, called λΠ_ℒ, for dependent-type theories like λΠ [20] and the Calculus of Constructions [8, 9]. The λΠ_ℒ-calculus is confluent and weakly normalizing on well-typed expressions. The λΠ_ℒ-system does not enjoy confluence on the full set of open expressions, that is, λΠ_ℒ is no longer confluent when meta-variables on the sort of substitutions are considered, and it does not preserve strong normalization, that is, arbitrary reductions on well-typed expressions may not terminate. However, we claim in this paper that the λΠ_ℒ-calculus is suitable as a framework to represent incomplete proof-terms in a constructive logic.

In this paper we describe a proof-term synthesis method for λΠ and the Calculus of Constructions via the λΠ_ℒ-calculus. The method uses the incomplete proof-term paradigm proposed in [33]. It is strongly inspired by that proposed by Dowek in [12, 13] for the Cube of Type Systems. In contrast to Dowek's method, our method combines both the bottom-up approach for proof construction and the top-down synthesis of terms. In other words, proof-terms are synthesized at the same time that proofs are constructed. Since type checking is decidable in λΠ_ℒ, the soundness of the proof construction can be guaranteed step by step. From a practical point of view, implementation errors in procedures manipulating incomplete proofs are detected by the type checker at any moment during the proof-construction process. The type checker of λΠ_ℒ is still simple. In fact, we have implemented it, in the object-oriented functional language OCaml, in about 50 lines. We have also implemented a higher-order unification algorithm for ground expressions. The soundness of the whole implementation relies on the small piece of code corresponding to the type checker.

The rest of this section gives an overview of the dependent-type systems in which we are interested, the λΠ-calculus and the Calculus of Constructions, and of the λσ-calculus of explicit substitutions. For a more comprehensive explanation of both subjects, we refer to [20, 9] and [1]. In Section 2, we present the λΠ_ℒ-calculus and its dependent-type systems. In Section 3, we describe our method of proof synthesis. The soundness and completeness of the method are proved in Section 4. The last section presents related work and summarizes this work.

1.1. Dependent-type systems. The Dependent Type theory, namely λΠ [20], is a conservative extension of the simply-typed λ-calculus. It allows a finer stratification of terms by generalizing the function space type. In fact, in λΠ, the type of a function λx:A.M is Πx:A.B where B (the type of M) may depend on x. Hence, the type A → B of the simply-typed λ-calculus is just a notation in λΠ for the product Πx:A.B where x does not appear free in B.

From a logical point of view, the λΠ-calculus allows representation of proofs in first-order intuitionistic logic using universal quantification. Via the types-as-proofs principle, a term of type Πx:A.B is a proof-term of the proposition ∀x:A.B.

Terms in λΠ can be variables: x, y, ..., applications: (M N), abstractions: λx:A.M, products: Πx:A.B, or one of the sorts: Type, Kind.¹ Notice that terms and types belong to the same syntactical category. Thus, Πx:A.B is a term, as well as λx:A.M. However, terms are stratified in several levels according to a type discipline. For instance, given an appropriate context of variable declarations, λx:A.M : Πx:A.B, Πx:A.B : Type, and Type : Kind. The term Kind cannot be typed in any context, but it is necessary since a circular typing such as Type : Type leads to Girard's paradox [19].

Typing judgments in λΠ have the form

Γ ⊢ M : A

where Γ is a context of variable declarations, that is, a set of type assignments for free variables. We use the Greek letters Γ, Δ to range over contexts. Since types may be ill-typed, typing judgments for contexts are also necessary. The notation

⊢ Γ

captures that the types in Γ are well-typed. The λΠ-type system is given in Figure 1.1.

The Calculus of Constructions [8, 9] extends the λΠ-calculus with polymorphism and constructions of types. It is obtained by replacing the rules (Prod) and (Abs) as shown in Figure 1.2.

In a higher-order logic such as λΠ or the Calculus of Constructions, it may happen that two syntactically different types are the same modulo β-conversion. The rule (Conv) uses the equivalence relation =_β, which is defined as the reflexive and transitive closure of the relation induced by the β-rule: (λx:A.M N) → M[N/x]. We recall that M[N/x] is just a notation for the atomic substitution of the free occurrences of x in M by N, with renaming of bound variables in M when necessary.

¹ The names Type and Kind are not standard; other couples of names used in the literature are: (Set, Type), (Prop, Type) and (∗, □).




$$\frac{}{\vdash \emptyset}\ (\text{Empty})
\qquad
\frac{\Gamma \vdash A : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\} \qquad x \text{ is a fresh variable}}{\vdash \Gamma \cup \{x : A\}}\ (\text{Var-Decl})$$

$$\frac{\vdash \Gamma}{\Gamma \vdash \mathit{Type} : \mathit{Kind}}\ (\text{Type})
\qquad
\frac{\vdash \Gamma \qquad (x : A) \in \Gamma}{\Gamma \vdash x : A}\ (\text{Var})$$

$$\frac{\Gamma \vdash A : \mathit{Type} \qquad x \text{ does not appear in } \Gamma \qquad \Gamma \cup \{x : A\} \vdash B : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Gamma \vdash \Pi x{:}A.B : s}\ (\text{Prod})$$

$$\frac{\Gamma \vdash A : \mathit{Type} \qquad x \text{ does not appear in } \Gamma \qquad \Gamma \cup \{x : A\} \vdash M : B \qquad \Gamma \cup \{x : A\} \vdash B : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Gamma \vdash \lambda x{:}A.M : \Pi x{:}A.B}\ (\text{Abs})$$

$$\frac{\Gamma \vdash M : \Pi x{:}A.B \qquad \Gamma \vdash N : A}{\Gamma \vdash (M\ N) : B[N/x]}\ (\text{App})
\qquad
\frac{\Gamma \vdash M : A \qquad \Gamma \vdash B : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\} \qquad A =_\beta B}{\Gamma \vdash M : B}\ (\text{Conv})$$

Fig. 1.1. The λΠ-system


$$\frac{x \text{ does not appear in } \Gamma \qquad \Gamma \cup \{x : A\} \vdash B : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Gamma \vdash \Pi x{:}A.B : s}\ (\text{Prod})$$

$$\frac{x \text{ does not appear in } \Gamma \qquad \Gamma \cup \{x : A\} \vdash M : B \qquad \Gamma \cup \{x : A\} \vdash B : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Gamma \vdash \lambda x{:}A.M : \Pi x{:}A.B}\ (\text{Abs})$$

Fig. 1.2. The rules (Prod) and (Abs) of the Calculus of Constructions


1.2. Explicit substitutions. The λσ-calculus [1] is a first-order rewrite system with two sorts of expressions: terms and substitutions. Well-formed expressions in the λσ-calculus are defined by the following grammar.

Terms M, N ::= 1 | (M N) | λM | M[S]

Substitutions S, T ::= id | ↑ | M · S | S ∘ T

The λσ-calculus is presented in Figure 1.3.

$$\begin{array}{rcll}
(\lambda M\ N) & \rightarrow & M[N \cdot \mathit{id}] & (\text{Beta})\\
(M\ N)[S] & \rightarrow & (M[S]\ N[S]) & (\text{Application})\\
(\lambda M)[S] & \rightarrow & \lambda M[1 \cdot (S \circ \uparrow)] & (\text{Lambda})\\
M[S][T] & \rightarrow & M[S \circ T] & (\text{Clos})\\
1[M \cdot S] & \rightarrow & M & (\text{VarCons})\\
M[\mathit{id}] & \rightarrow & M & (\text{Id})\\
(S_1 \circ S_2) \circ T & \rightarrow & S_1 \circ (S_2 \circ T) & (\text{Ass})\\
(M \cdot S) \circ T & \rightarrow & M[T] \cdot (S \circ T) & (\text{Map})\\
\mathit{id} \circ S & \rightarrow & S & (\text{IdL})\\
S \circ \mathit{id} & \rightarrow & S & (\text{IdR})\\
\uparrow \circ (M \cdot S) & \rightarrow & S & (\text{ShiftCons})\\
1 \cdot \uparrow & \rightarrow & \mathit{id} & (\text{VarShift})\\
1[S] \cdot (\uparrow \circ S) & \rightarrow & S & (\text{SCons})
\end{array}$$

Fig. 1.3. The λσ-calculus [1]

In λσ, free and bound variables are represented by de Bruijn indices. They are encoded by means of the constant 1 and the substitution ↑. We write ↑ⁿ as a shorthand for ↑ ∘ ··· ∘ ↑ (n times). We overload the notation i to represent the λσ-term corresponding to the index i, i.e.,

$$i \;=\; \begin{cases} 1 & \text{if } i = 1\\ 1[\uparrow^n] & \text{if } i = n + 1.\end{cases}$$

An explicit substitution denotes a mapping from indices to terms. Thus, id maps each index i to the term i, ↑ maps each index i to the term i + 1, S ∘ T is the composition of the mapping denoted by T with the mapping denoted by S (notice that the composition of substitutions follows a reverse order with respect to the usual notation of function composition), and finally, M · S maps the index 1 to the term M, and recursively, the index i + 1 to the term mapped by the substitution S on the index i.

2. A Framework to Represent Incomplete Proof-Terms. The important elements of our framework are: explicit substitutions, open terms, and dependent types. A simply-typed version of λσ on open terms has been studied in [15]. In [31, 33], we propose the λΠ_ℒ-calculus, which is a dependent-typed version of a variant of λσ. The λΠ_ℒ-calculus is confluent and weakly normalizing on well-typed terms.

As usual in explicit substitution calculi, expressions of λΠ_ℒ are structured in terms and substitutions. The λΠ_ℒ-calculus admits meta-variables only on the sort of terms.

The set of well-formed expressions in λΠ_ℒ is defined by the following grammar:

Natural numbers n ::= 0 | n + 1

Meta-variables X ::= X | Y | ...

Sorts s ::= Kind | Type

Terms A, B, M, N ::= 1 | s | Π_A.B | λ_A.M | (M N) | M[S] | X

Substitutions S, T ::= ↑ⁿ | M ·_A S | S ∘ T

An expression in λΠ_ℒ is ground if it does not contain meta-variables. A ground expression is also pure if it does not contain explicit substitutions (other than those representing de Bruijn indices).
$$\begin{array}{rcll}
(\lambda_A.M\ N) & \rightarrow & M[N \cdot_A \uparrow^0] & (\text{Beta})\\
(\lambda_A.M)[S] & \rightarrow & \lambda_{A[S]}.M[1 \cdot_A (S \circ \uparrow^1)] & (\text{Lambda})\\
(\Pi_A.B)[S] & \rightarrow & \Pi_{A[S]}.B[1 \cdot_A (S \circ \uparrow^1)] & (\text{Pi})\\
(M\ N)[S] & \rightarrow & (M[S]\ N[S]) & (\text{Application})\\
M[S][T] & \rightarrow & M[S \circ T] & (\text{Clos})\\
1[M \cdot_A S] & \rightarrow & M & (\text{VarCons})\\
M[\uparrow^0] & \rightarrow & M & (\text{Id})\\
(M \cdot_A S) \circ T & \rightarrow & M[T] \cdot_A (S \circ T) & (\text{Map})\\
\uparrow^0 \circ S & \rightarrow & S & (\text{IdS})\\
\uparrow^{n+1} \circ (M \cdot_A S) & \rightarrow & \uparrow^n \circ S & (\text{ShiftCons})\\
\multicolumn{3}{c}{\text{(rule not legible in the source)}} & (\text{ShiftShift})\\
1 \cdot_A \uparrow^1 & \rightarrow & \uparrow^0 & (\text{Shift0})\\
1[\uparrow^n] \cdot_A \uparrow^{n+1} & \rightarrow & \uparrow^n & (\text{ShiftS})\\
\mathit{Type}[S] & \rightarrow & \mathit{Type} & (\text{Type})
\end{array}$$

Fig. 2.1. The λΠ_ℒ-rewrite system


In dependent-type systems, object terms and type terms are in the same syntactical category. In this paper, for readability, we use the uppercase letters A, B, ... to denote type terms, that is, terms of type (kind) Type or Kind, and M, N, ... to denote object terms, that is, terms of type A where A is a type term.

The equivalence relation =_{λΠ_ℒ} is defined as the symmetric and transitive closure of the relation induced by the rewrite system in Figure 2.1. As usual, we denote by →*_{λΠ_ℒ} the reflexive and transitive closure of →_{λΠ_ℒ}.

The system Π_ℒ is obtained by dropping the rule (Beta) from λΠ_ℒ. As shown by Zantema [40], the Π_ℒ-calculus is strongly normalizing.

Lemma 2.1. The Π_ℒ-calculus is terminating.

Proof. See [33]. The proof uses the semantic labeling technique [39]. □

The set of normal forms of an expression x (term or substitution) is denoted by (x)↓_{Π_ℒ}.

The λΠ_ℒ-calculus, just as λσ, uses the composition operation to achieve confluence on terms with meta-variables. The rules (IdR) and (Ass) of λσ are not necessary in λΠ_ℒ.

We adopt the notation i as a shorthand for 1[↑ⁿ] when i = n + 1. In contrast to λσ, ↑ⁿ is not a shorthand but an explicit substitution in λΠ_ℒ. Indeed, ↑⁰ replaces id and ↑¹ replaces ↑. In general, ↑ⁿ denotes the mapping of each index i to the term i + n. Using ↑ⁿ, the non-left-linear rule (SCons) of λσ, which is responsible for confluence and typing problems [11, 5, 33], can be dropped from the λΠ_ℒ-calculus. Notice that we do not assume any meta-theoretical property on natural numbers. They are constructed with 0 and n + 1. Arithmetic calculations on indices are embedded in the rewrite system.

A context in λΠ_ℒ is a list of types. The empty context is written ε. A context with head A and rest Γ is written A.Γ. In that case, A is the type of the index 1, the head of Γ (if Γ is not empty) is the type of the index 2, and so on. In a dependent-type theory with de Bruijn indices, the order in which variables are declared in a context is important. In fact, in the context A.Γ, the indices in A are relative to Γ.

The type of a substitution is a context. This choice seems natural since substitutions denote mappings from indices to terms, and contexts are lists of types. In fact, if the type of a substitution S is the context A.Δ, the type of the term mapped by the substitution S on the index 1 is A, and so on for the rest of the indices.

2.1. Meta-variables. As we have said, meta-variables are first-class objects in λΠ_ℒ. Just as variables, they have to be declared in order to keep track of possible dependences between terms and types.

A meta-variable declaration has the form X:_Γ A, where Γ and A are, respectively, a context and a type assigned to the meta-variable X. The pair (Γ, A) is unique (modulo =_{λΠ_ℒ}) for each meta-variable. This requirement is enforced by the type system.

A list of meta-variable declarations is called a signature. We use the Greek letter Σ to range over signatures. The empty signature is written ε. A signature with head X:_Γ A and rest Σ is written X:_Γ A. Σ. We overload the notation Σ₁. Σ₂ to write the concatenation of the signatures Σ₁ and Σ₂.

The order of the meta-variable declarations is important. In a signature X₁:_{Γ₁} A₁. ... . X_n:_{Γ_n} A_n, the type A_i and the context Γ_i, 0 < i ≤ n, may depend only on meta-variables X_j, i < j ≤ n. The indices in A_i are relative to the context Γ_i.

The main operation on meta-variables is instantiation. The instantiation of a meta-variable X with a term M in an expression y (term or substitution) replaces all the occurrences of X in y by M.

Definition 2.2 (Instantiation). The instantiation of a meta-variable X with a term M in an expression y, denoted y{X/M}, is defined by induction over the structure of y as follows.

• s{X/M} = s, if s ∈ {Kind, Type}.

• 1{X/M} = 1.

• X{X/M} = M.

• Y{X/M} = Y, if Y ≠ X.

• (Π_A.B){X/M} = Π_{A{X/M}}.B{X/M}.

• (λ_A.N){X/M} = λ_{A{X/M}}.N{X/M}.

• (N₁ N₂){X/M} = (N₁{X/M} N₂{X/M}).

• (N[S]){X/M} = N{X/M}[S{X/M}].

• ↑ⁿ{X/M} = ↑ⁿ.

• (N ·_A S){X/M} = N{X/M} ·_{A{X/M}} S{X/M}.

• (S ∘ T){X/M} = S{X/M} ∘ T{X/M}.

Application of instantiations extends to contexts and signatures, that is, Γ{X/M} and Σ{X/M}, in the obvious way. In the case of signatures, the application Σ{X/M} also removes the declaration of X in Σ, if any.

In contrast to substitution of variables, instantiation of meta-variables allows capture of variables. Moreover, instantiations are not first-class objects, i.e., the application of an instantiation is atomic and external to the λΠ_ℒ-calculus.

2.2. Type annotations. Type annotations in substitutions are introduced with the rules (Beta), (Lambda), and (Pi), and then propagated with the rule (Map). They can also be eliminated with the rules (VarCons), (ShiftCons), and (Shift0). Notice that the type annotation that is propagated by the rule (Map):

(M ·_A S) ∘ T → M[T] ·_A (S ∘ T)

is A, not A[T]. Type annotations in substitutions act as reminders of types when substitutions are distributed under abstractions and products. As shown in [33], they are necessary to preserve typing in λΠ_ℒ-reductions.
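The rewrite rules of Figure 2.1, the index semantics of ↑ⁿ and M ·_A S, the instantiation of Definition 2.2 and the (Map) annotation remark above, as an added runnable model in Python; this is not the paper's OCaml implementation. The tuple encoding, the function names, and the statement used for (ShiftShift), whose rule is not legible in Figure 2.1 above, are assumptions of this example.

```python
# Added example, not the paper's OCaml code: a small runnable model of the λΠ_L expressions
# of Section 2, the rewrite rules of Figure 2.1 and the instantiation y{X/M} of Definition 2.2.
# Expressions are tuples (this encoding is an assumption of the example):
#   terms          ('Kind',) ('Type',) ('1',) ('Pi',A,B) ('Lam',A,M) ('App',M,N)
#                  ('Clos',M,S) = M[S]            ('Meta',name) = meta-variable
#   substitutions  ('Shift',n) = ↑^n   ('Cons',M,A,S) = M ·_A S   ('Comp',S,T) = S ∘ T
KIND, TYPE, ONE = ('Kind',), ('Type',), ('1',)

def shift(n): return ('Shift', n)
def cons(M, A, S): return ('Cons', M, A, S)
def comp(S, T): return ('Comp', S, T)
def clos(M, S): return ('Clos', M, S)
def lam(A, M): return ('Lam', A, M)
def pi(A, B): return ('Pi', A, B)
def app(M, N): return ('App', M, N)
def meta(name): return ('Meta', name)

def index(i):
    """The term for de Bruijn index i: 1 when i = 1, otherwise 1[↑^n] with i = n + 1."""
    assert i >= 1
    return ONE if i == 1 else clos(ONE, shift(i - 1))

def step(e):
    """One rewrite step at the root of e (Figure 2.1); None when no rule applies there."""
    tag = e[0]
    if tag == 'App' and e[1][0] == 'Lam':                       # (Beta)
        _, A, M = e[1]
        return clos(M, cons(e[2], A, shift(0)))
    if tag == 'Clos':
        M, S = e[1], e[2]
        if M[0] == 'Lam':                                        # (Lambda)
            return lam(clos(M[1], S), clos(M[2], cons(ONE, M[1], comp(S, shift(1)))))
        if M[0] == 'Pi':                                         # (Pi)
            return pi(clos(M[1], S), clos(M[2], cons(ONE, M[1], comp(S, shift(1)))))
        if M[0] == 'App':                                        # (Application)
            return app(clos(M[1], S), clos(M[2], S))
        if M[0] == 'Clos':                                       # (Clos)
            return clos(M[1], comp(M[2], S))
        if M == ONE and S[0] == 'Cons':                          # (VarCons)
            return S[1]
        if S == shift(0):                                        # (Id)
            return M
        if M == TYPE:                                            # (Type)
            return TYPE
        return None                  # in particular X[S] stays suspended on a meta-variable X
    if tag == 'Comp':
        S, T = e[1], e[2]
        if S[0] == 'Cons':                                       # (Map): annotation A kept, not A[T]
            return cons(clos(S[1], T), S[2], comp(S[3], T))
        if S == shift(0):                                        # (IdS)
            return T
        if S[0] == 'Shift' and T[0] == 'Cons':                   # (ShiftCons): ↑^(n+1)∘(M ·_A S) → ↑^n∘S
            return comp(shift(S[1] - 1), T[3])
        if S[0] == 'Shift' and T[0] == 'Shift':                  # (ShiftShift), assumed here to be
            return comp(shift(S[1] - 1), shift(T[1] + 1))        #   ↑^(n+1) ∘ ↑^m → ↑^n ∘ ↑^(m+1)
        return None
    if tag == 'Cons':
        M, S = e[1], e[3]
        if M == ONE and S == shift(1):                           # (Shift0)
            return shift(0)
        if M[0] == 'Clos' and M[1] == ONE and M[2][0] == 'Shift' and S == shift(M[2][1] + 1):
            return M[2]                                          # (ShiftS)
    return None

def normalize(e):
    """Innermost normalization.  It terminates on the well-typed inputs used below; λΠ_L is
    only weakly normalizing in general (Section 2), so arbitrary inputs may loop."""
    while True:
        if e[0] in ('Kind', 'Type', '1', 'Meta', 'Shift'):
            return e
        e = (e[0],) + tuple(normalize(c) for c in e[1:])
        r = step(e)
        if r is None:
            return e
        e = r

def inst(y, X, M):
    """y{X/M} of Definition 2.2: replace X by M everywhere, with no renaming of bound
    variables, so capture is allowed (Section 2.1)."""
    if y[0] == 'Meta':
        return M if y[1] == X else y
    if y[0] in ('Kind', 'Type', '1', 'Shift'):
        return y
    return (y[0],) + tuple(inst(c, X, M) for c in y[1:])

def mapping(S, i):
    """The term that the substitution S assigns to the index i: the normal form of i[S]."""
    return normalize(clos(index(i), S))

def suspended_then_resolved():
    """(λ_A.X 2) rewrites by (Beta) to X[2 ·_A ↑^0], which is stuck until X is instantiated;
    instantiating X with the bound variable 1 and normalizing then yields 2."""
    A = ONE                                     # constructed: the type is the free variable 1
    stuck = normalize(app(lam(A, meta('X')), index(2)))
    return stuck, normalize(inst(stuck, 'X', ONE))
```

Shifting λ_1.2 by ↑¹ with `normalize(clos(lam(ONE, index(2)), shift(1)))` gives λ_2.3, and the annotation on the cons produced by (Lambda) stays the original A, as Section 2.2 describes.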

2.3. η-conversion. In this paper we consider a calculus without η-conversion. Although extensional versions of explicit substitution calculi have been studied for ground terms [24], work is necessary to understand the interaction of the η-rule with explicit substitutions, dependent types, and meta-variables.
$$\frac{}{\vdash \varepsilon; \varepsilon}\ (\text{Empty})
\qquad
\frac{\Sigma;\Gamma \vdash A : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\}}{\vdash \Sigma; A.\Gamma}\ (\text{Var-Decl})$$

$$\frac{\vdash \Sigma;\Gamma \qquad X \text{ is a fresh meta-variable}}{\vdash X{:}_\Gamma \mathit{Kind}.\,\Sigma}\ (\text{Meta-Var-Decl}_1)$$

$$\frac{\Sigma;\Gamma \vdash A : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\} \qquad X \text{ is a fresh meta-variable}}{\vdash X{:}_\Gamma A.\,\Sigma}\ (\text{Meta-Var-Decl}_2)$$

Fig. 2.2. Signatures and contexts

2.4. Dependent types. In λΠ_ℒ, we consider typing assertions having one of the following forms:

⊢ Σ; Γ

to capture that the context Γ is valid in the signature Σ,

Σ; Γ ⊢ M : A

to capture that the term M has type A (the type M has the kind A) in Σ; Γ, and

Σ; Γ ⊢ S ▷ Δ

to capture that the substitution S has the type Δ in Σ; Γ. The scoping rules for variables and meta-variables are as follows. Contexts Γ, Δ, and expressions M, A, S may depend on any meta-variable declared in the respective signature Σ. Indices in M, A and S are relative to their respective context Γ.

Typing rules for signatures, contexts, and expressions are all mutually dependent. Valid signatures and contexts are defined by the typing rules in Figure 2.2.

Valid λΠ_ℒ-expressions in the λΠ-system are defined by the typing rules in Figure 2.3. In the case of the Calculus of Constructions, the rules (Prod), (Abs), and (Cons) are modified as indicated in Figure 2.4. Finally, conversion rules, on both systems, are defined in Figure 2.5.

In the following, we use ⊢ Σ, ⊢ Γ, Γ ⊢ M : A, and Γ ⊢ S ▷ Δ as shorthands for ⊢ Σ; ε, ⊢ ε; Γ, ε; Γ ⊢ M : A, and ε; Γ ⊢ S ▷ Δ, respectively.

In this paper, unless otherwise stated, a judgment like Σ;Γ ⊢ M : A refers to the setting of λΠ_ℒ in the Calculus of Constructions. However, the main properties of λΠ_ℒ hold in both the Calculus of Constructions and the λΠ-system. We prove in [31, 33] that λΠ_ℒ satisfies, among others, the following properties (for the sake of simplicity we show the properties only for typed terms, but they hold in the same way for typed substitutions):

Proposition 2.3 (Sort soundness). If Σ;Γ ⊢ M : A, then either A = Kind, or Σ;Γ ⊢ A : s, where s ∈ {Kind, Type}.

Proposition 2.4 (Type uniqueness). If Σ;Γ ⊢ M : A and Σ;Γ ⊢ M : B, then A =_{λΠ_ℒ} B.
$$\frac{\vdash \Sigma;\Gamma}{\Sigma;\Gamma \vdash \mathit{Type} : \mathit{Kind}}\ (\text{Type})
\qquad
\frac{\vdash \Sigma; A.\Gamma}{\Sigma; A.\Gamma \vdash 1 : A[\uparrow^1]}\ (\text{Var})$$

$$\frac{\Sigma;\Gamma \vdash A : \mathit{Type} \qquad \Sigma; A.\Gamma \vdash B : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Sigma;\Gamma \vdash \Pi_A.B : s}\ (\text{Prod})$$

$$\frac{\Sigma;\Gamma \vdash M : \Pi_A.B \qquad \Sigma;\Gamma \vdash N : A}{\Sigma;\Gamma \vdash (M\ N) : B[N \cdot_A \uparrow^0]}\ (\text{App})
\qquad
\frac{\Sigma;\Gamma \vdash S \triangleright \Delta \qquad \Sigma;\Delta \vdash A : \mathit{Kind}}{\Sigma;\Gamma \vdash A[S] : \mathit{Kind}}\ (\text{Clos-Kind})$$

$$\frac{\Sigma;\Gamma \vdash A : \mathit{Type} \qquad \Sigma; A.\Gamma \vdash M : B \qquad \Sigma;\Gamma \vdash \Pi_A.B : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Sigma;\Gamma \vdash \lambda_A.M : \Pi_A.B}\ (\text{Abs})$$

$$\frac{\Sigma;\Gamma \vdash S \triangleright \Delta \qquad \Sigma;\Delta \vdash M : A \qquad \Sigma;\Delta \vdash A : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Sigma;\Gamma \vdash M[S] : A[S]}\ (\text{Clos})$$

$$\frac{\vdash \Sigma;\Gamma \qquad X{:}_\Gamma A \in \Sigma}{\Sigma;\Gamma \vdash X : A}\ (\text{Meta-Var})
\qquad
\frac{\vdash \Sigma;\Gamma}{\Sigma;\Gamma \vdash \uparrow^0 \triangleright \Gamma}\ (\text{Id})$$

$$\frac{\vdash \Sigma; A.\Gamma \qquad \Sigma;\Gamma \vdash \uparrow^n \triangleright \Delta}{\Sigma; A.\Gamma \vdash \uparrow^{n+1} \triangleright \Delta}\ (\text{Shift})
\qquad
\frac{\Sigma;\Gamma \vdash S \triangleright \Delta_1 \qquad \Sigma;\Delta_1 \vdash T \triangleright \Delta_2}{\Sigma;\Gamma \vdash T \circ S \triangleright \Delta_2}\ (\text{Comp})$$

$$\frac{\Sigma;\Gamma \vdash M : A[S] \qquad \Sigma;\Gamma \vdash S \triangleright \Delta \qquad \Sigma;\Delta \vdash A : \mathit{Type}}{\Sigma;\Gamma \vdash M \cdot_A S \triangleright A.\Delta}\ (\text{Cons})$$

Fig. 2.3. Valid expressions


$$\frac{\Sigma; A.\Gamma \vdash B : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Sigma;\Gamma \vdash \Pi_A.B : s}\ (\text{Prod})$$

$$\frac{\Sigma; A.\Gamma \vdash M : B \qquad \Sigma; A.\Gamma \vdash B : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Sigma;\Gamma \vdash \lambda_A.M : \Pi_A.B}\ (\text{Abs})$$

$$\frac{\Sigma;\Gamma \vdash M : A[S] \qquad \Sigma;\Gamma \vdash S \triangleright \Delta \qquad \Sigma;\Delta \vdash A : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Sigma;\Gamma \vdash M \cdot_A S \triangleright A.\Delta}\ (\text{Cons})$$

Fig. 2.4. The modified rules (Prod), (Abs), and (Cons)
$$\frac{\Sigma;\Gamma \vdash M : A \qquad \Sigma;\Gamma \vdash B : s \qquad s \in \{\mathit{Kind}, \mathit{Type}\} \qquad A =_{\lambda\Pi_{\mathcal{L}}} B}{\Sigma;\Gamma \vdash M : B}\ (\text{Conv})$$

$$\frac{\Sigma;\Gamma \vdash S \triangleright \Delta_1 \qquad \vdash \Sigma;\Delta_2 \qquad \Delta_1 =_{\lambda\Pi_{\mathcal{L}}} \Delta_2}{\Sigma;\Gamma \vdash S \triangleright \Delta_2}\ (\text{Conv-Subs})$$

Fig. 2.5. Conversions

Proposition 2.5 (Subject reduction). If M →*_{λΠ_ℒ} N and Σ;Γ ⊢ M : A, then Σ;Γ ⊢ N : A.

Proposition 2.6 (Soundness). If Σ;Γ ⊢ M : A, Σ;Γ ⊢ N : B and M =_{λΠ_ℒ} N, then there exists a path of well-typed reductions between A and B.

Proposition 2.7 (Weak normalization). If Σ;Γ ⊢ M : A, then M is weakly normalizing; therefore, M has at least one λΠ_ℒ-normal form.

Proposition 2.8 (Church-Rosser). If M₁ =_{λΠ_ℒ} M₂, Σ;Γ ⊢ M₁ : A, and Σ;Γ ⊢ M₂ : A, then M₁ and M₂ are λΠ_ℒ-joinable, i.e., there exists M such that M₁ →*_{λΠ_ℒ} M and M₂ →*_{λΠ_ℒ} M.

Corollary 2.9 (Normal forms). The λΠ_ℒ-normal form of a well-typed λΠ_ℒ-term always exists, and it is unique. If M is a well-typed term, we denote by (M)↓_{λΠ_ℒ} its λΠ_ℒ-normal form.

The following proposition states the conditions that guarantee the soundness of instantiation of meta-variables in λΠ_ℒ.

Proposition 2.10 (Instantiation lemma). Let M be a term such that Σ₁;Γ ⊢ M : A, and Σ a signature having the form Σ₂. X:_Γ A. Σ₁.

1. If ⊢ Σ; Δ, then ⊢ Σ{X/M}; Δ{X/M}.

2. If Σ; Δ ⊢ N : B, then Σ{X/M}; Δ{X/M} ⊢ N{X/M} : B{X/M}, and

3. If Σ; Δ₁ ⊢ S ▷ Δ₂, then Σ{X/M}; Δ₁{X/M} ⊢ S{X/M} ▷ Δ₂{X/M}.

Finally, the next property justifies the use of λΠ_ℒ to build proof-terms in a constructive logic based on a dependent-type system. It states that when the signature is empty, λΠ_ℒ types as many terms as the λ-calculus does.

Proposition 2.11 (Conservative extension). Let M, A be pure terms in λΠ_ℒ, and Γ be a context containing only pure terms. Then, Γ ⊢ M : A in λΠ_ℒ if and only if Γ ⊢ M : A in the respective dependent-typed version of the λ-calculus (modulo de Bruijn indices translation).

3. A Proof Synthesis Method in λΠ_ℒ. We introduce the basic ideas of our technique with an example. For readability, when discussing examples we use named variables and not de Bruijn indices. Nevertheless, we recall that our formalism uses a de Bruijn name-free notation of variables.

Assume a context with the following variable declarations:

bool : Type,
nat : Type,
f : nat → nat → bool,
g : (nat → bool) → nat,
not : bool → bool,
eq : bool → bool → Type,
h : Πp:(nat → bool) → bool.Πx:nat → bool.(eq (p x) (not (p (f (g x))))).
We address the problem of finding terms X and Y such that X : (eq Y Y) and Y : bool. This problem happens to be a paraphrasing of a formulation given in [14] of Cantor's famous theorem that there is no surjection from a set (in this case nat) to its power set (formed by the elements of type nat → bool). It can be solved, for example using Dowek's method, by enumerating all the terms Y of type bool, and then the terms of type (eq Y Y).

However, by combining proof construction and term synthesis we can do better. Instead of looking directly for Y, we could claim to know it, and try to find a term of type (eq Y Y). Then, we use the typing information available for eq to guide the proof-term synthesis.

In our framework, we assume two meta-variable declarations Y : bool and X : (eq Y Y). Notice that the meta-variable Y appears in the type of X. In fact, in contrast to the simply-typed λ-calculus, in a dependent-typed calculus meta-variables may appear in types and in contexts. Typing rules for open terms should take these considerations into account.

A solution to X and Y is a couple of ground terms M, A such that when X is instantiated with M and Y with A, it holds that M : (eq A A) and A : bool.

By looking at the context of variables, we notice that a possible instantiation for X should use the
variable h. Since we do not know the right arguments p and x to apply h to, we declare new meta-variables
Xp : (nat → bool) → bool and Xx : nat → bool, and proceed to instantiate X with (h Xp Xx).

At this stage of the development, we have the following situation. Three meta-variables to solve: Y : bool,
Xp : (nat → bool) → bool, and Xx : nat → bool, and the incomplete proof-term (h Xp Xx) of type
(eq Y Y). However, there is something wrong. The type given by the type system to the term (h Xp Xx)
is (eq (Xp Xx) (not (Xp (f (g Xx))))), which is not convertible to (eq Y Y). In fact, we should have been
more careful with the instantiation of X with (h Xp Xx). Since two syntactically different types can become
equal via instantiation of meta-variables and β-reduction, we may instantiate a meta-variable with a term of
a different type, but then we have to keep track of a set of disagreement types. In our case, if we want to
instantiate X with (h Xp Xx), we have to add the constraint
(eq (Xp Xx) (not (Xp (f (g Xx))))) =_{λΠ_L} (eq Y Y) to the disagreement set.

Thus, the goal is not to find just any ground instantiation of the meta-variables, but one that reduces the
disagreement set to a set of trivial equations of the form M = M, where M is a ground term.

If the original proposition holds, eventually we will instantiate all the meta-variables in such a way that
the disagreement set is also solved. A possible solution to our example is
Xx = λy:nat.(not (f y y)),

Xp = λx:nat → bool.(x (g λy:nat.(not (f y y)))),

Y = (not (f (g λy:nat.(not (f y y))) (g λy:nat.(not (f y y))))), and

X = (h λx:nat → bool.(x (g λy:nat.(not (f y y)))) λy:nat.(not (f y y))).

Writing G for the term (g λy:nat.(not (f y y))) of type nat, the solution for Y is (not (f G G)), and both
(Xp Xx) and (not (Xp (f (g Xx)))) β-reduce to this term, which is exactly what the disagreement set requires.
(Note that f takes two arguments of type nat; a term of the form (not (f G)) would not even be well-typed,
since (f G) has type nat → bool rather than bool.)

That solution was found by our prototype in 209 rounds (including back-tracking steps). Each round corresponds
to the instantiation of one meta-variable or to a simplification of the disagreement set. This number
contrasts with the 1024 rounds that it took our algorithm to find the same solution by first enumerating all
the terms of type bool.

The method to solve a set of meta-variables together with a disagreement set can be summarized as:

1. Take a meta-variable X to solve. Since eventually all the meta-variables have to be solved, any
of them can be chosen. However, as we will explain later, some typing properties guide the choice
of an appropriate meta-variable to solve.

2. Using the type information, propose a term M, possibly containing new meta-variables, to
instantiate X.

3. Declare the new meta-variables appearing in M, and add to the disagreement set the typing
constraints necessary to guarantee the soundness of the instantiation.

4. Simplify the disagreement set. If a typing constraint is unsatisfiable, backtrack to step 2, restoring
the disagreement set to its state at that point.

5. Stop if all the meta-variables are solved and the disagreement set contains only trivial equations.
Otherwise, call the procedure recursively.

Our method improves on Dowek's method in three ways:

• Proof construction and term synthesis are combined in a single method. Therefore, proof assistant
systems based on the proofs-as-terms paradigm can use our framework to represent uniformly proofs
under construction and proof-terms.

• The first-order setting of the λΠ_L-calculus eliminates most of the technical problems related to the
higher-order aspects of the λ-calculus.

• In Dowek's method, variables, and not meta-variables, are used to represent place-holders. Since
these variables should range over the whole set of well-typed terms, the type system in which the proof
synthesis method is described allows variable declarations where the original type system does not.
That type system introduces some technical nuisances [12, 13]. In our framework this is not necessary.
Meta-variables and variables have different declaration rules. In particular, meta-variables can be
typed in sorts where variables cannot (see rules (Meta-Var-Decl1), (Meta-Var-Decl2), and (Var-
Decl)).

3.1. The λΠ_L-calculus with constraints. As we have seen in the informal description of the method,
the instantiation of meta-variables may require the resolution of a disagreement set. The disagreement set
is maintained in an extended kind of signature called a constrained signature.

Definition 3.1 (Constrained signatures). A constraint M ~_Γ N relates two terms M, N and a
context Γ. A constrained signature is a list containing meta-variable declarations and constraint declarations.
Formally, constrained signatures are defined by the following grammar:

$$\Sigma ::= \varepsilon \;\mid\; X:_{\Gamma}A.\ \Sigma \;\mid\; M \sim_{\Gamma} N.\ \Sigma$$


Notice that constraints are declared together with meta-variables. This way, the type system can enforce
that a constraint uses only meta-variables that have already been declared in the signature.

Definition 3.2 (Equivalence modulo constraints). Let Σ be a constrained signature; we define the
relation =_Σ as the smallest equivalence relation compatible with structure such that

1. if M =_{λΠ_L} N, then M =_Σ N, and

2. if M ~_Γ N ∈ Σ, then M =_Σ N.

We extend the λΠ_L-calculus to deal with constraints.

Definition 3.3 (λΠ_L with constraints). The type system λΠ_L with constraints is defined as λΠ_L in
Section 2, except that we write its typing judgments as ⊩ Σ, ⊩ Σ;Γ and Σ;Γ ⊩ M : A (the plain turnstile
⊢ is reserved for λΠ_L without constraints), we add the rule

$$\frac{\Sigma;\Gamma \Vdash M_1 : A \qquad \Sigma;\Gamma \Vdash M_2 : A}{\Vdash M_1 \sim_{\Gamma} M_2.\ \Sigma}\ (\text{Constraint})$$

and we replace the rules (Conv), (Conv-Subs), and (Meta-Var) by

$$\frac{\Sigma;\Gamma \Vdash M : A \qquad \Sigma;\Gamma \Vdash B : s \qquad A =_{\Sigma} B}{\Sigma;\Gamma \Vdash M : B}\ s \in \{Kind, Type\}\ (\text{Conv})$$

$$\frac{\Sigma;\Gamma \Vdash S \triangleright \Delta \qquad \Vdash \Sigma;\Delta' \qquad \Delta =_{\Sigma} \Delta'}{\Sigma;\Gamma \Vdash S \triangleright \Delta'}\ (\text{Conv-Subs})$$

$$\frac{\Vdash \Sigma;\Gamma \qquad X:_{\Delta}A \in \Sigma \qquad \Gamma =_{\Sigma} \Delta}{\Sigma;\Gamma \Vdash X : A}\ (\text{Meta-Var})$$

As expected, a constrained signature Σ is said to be valid if ⊩ Σ holds.

The λΠ_L-calculus with constraints does not satisfy most of the typing properties of λΠ_L given in
Section 2. In particular, it is not normalizing (not even weakly). For instance, the non-terminating term
(λx:A.(x x) λx:A.(x x)) can be typed in a constrained signature containing the constraint A ~ A → A.

However,  we  can  prove  the  following  properties. 

Lemma 3.4. Let Σ be a valid constrained signature and Σ̄ be the signature obtained from Σ by removing all
its constraints,

1. (a) if ⊢ Σ̄;Γ, then ⊩ Σ;Γ,

(b) if Σ̄;Γ ⊢ M : A, then Σ;Γ ⊩ M : A, and

(c) if Σ̄;Γ ⊢ S ▷ Δ, then Σ;Γ ⊩ S ▷ Δ; and

2. if Σ does not contain constraints, i.e., Σ̄ = Σ, then

(a) if ⊩ Σ;Γ, then ⊢ Σ̄;Γ,

(b) if Σ;Γ ⊩ M : A, then Σ̄;Γ ⊢ M : A, and

(c) if Σ;Γ ⊩ S ▷ Δ, then Σ̄;Γ ⊢ S ▷ Δ.

Proof.  By  simultaneous  induction  on  the  typing  derivations.  □ 

According to Lemma 3.4, if Σ' is a prefix of a signature Σ (that is, the segment declared first, which is the
rightmost one in our notation) and Σ' does not contain constraints, then the set of expressions typeable in Σ'
satisfies the properties given in Section 2; in particular, these expressions have a λΠ_L-normal form
(Corollary 2.9). This is no longer true if Σ' contains constraints. We exploit this fact to simplify constrained
signatures. Indeed, we define the λΠ_L-normal form of a constrained signature with respect to its largest prefix
that does not contain a constraint. We will see later that constrained signatures in λΠ_L-normal form allow
us to prune the search space of solutions to meta-variables.

Definition 3.5 (Normal form of a constrained signature). Let Σ be a valid constrained signature; the
λΠ_L-normal form of Σ, denoted by (Σ)↓_{λΠ_L} (written (Σ)↓ below when no confusion arises), is defined by
structural induction on Σ.

1. Σ = ε: (ε)↓ = ε.

2. Σ has the form X:_ΓA. Σ' or M ~_Γ N. Σ':

• if Σ' contains constraints,

$$(X:_{\Gamma}A.\ \Sigma')\!\downarrow \;=\; X:_{\Gamma}A.\ (\Sigma')\!\downarrow \qquad\qquad (M \sim_{\Gamma} N.\ \Sigma')\!\downarrow \;=\; M \sim_{\Gamma} N.\ (\Sigma')\!\downarrow$$

• if Σ' does not contain constraints,

$$(X:_{\Gamma}A.\ \Sigma')\!\downarrow \;=\; X:_{(\Gamma)\downarrow}(A)\!\downarrow.\ (\Sigma')\!\downarrow$$

$$(M \sim_{\Gamma} N.\ \Sigma')\!\downarrow \;=\; (\Sigma')\!\downarrow \quad \text{if } (M)\!\downarrow = (N)\!\downarrow$$

$$(M \sim_{\Gamma} N.\ \Sigma')\!\downarrow \;=\; (M)\!\downarrow \sim_{(\Gamma)\downarrow} (N)\!\downarrow.\ (\Sigma')\!\downarrow \quad \text{otherwise.}$$
The λΠ_L-normal form of a constrained signature preserves typing.

Lemma 3.6. Let Σ be a valid constrained signature,

1. ⊩ Σ;Γ if and only if ⊩ (Σ)↓_{λΠ_L};Γ,

2. Σ;Γ ⊩ M : A if and only if (Σ)↓_{λΠ_L};Γ ⊩ M : A, and

3. Σ;Γ ⊩ S ▷ Δ if and only if (Σ)↓_{λΠ_L};Γ ⊩ S ▷ Δ.

Proof  By  simultaneous  induction  on  the  typing  derivations.  □ 

3.2. The problem. A constrained signature can be seen as a list of goals to be solved. Informally
speaking, to solve a signature means to find ground instantiations for all its meta-variables such that
all its constraints reduce to trivial equations.

Definition 3.7 (Parallel instantiation). A parallel instantiation Ψ_Σ of a constrained signature Σ is a
function from the meta-variables of Σ to terms. As usual, the function is extended to apply to
arbitrary expressions. When Σ can be inferred from the context, we simply write Ψ.

Definition 3.8 (Solution). Let Σ be a valid constrained signature; we say that a parallel instantiation
Ψ is a solution to Σ if and only if

1. for any constraint M ~_Γ N ∈ Σ, there is a type A such that Ψ(Γ) ⊢ Ψ(M) : A, Ψ(Γ) ⊢ Ψ(N) : A, and
Ψ(M) =_{λΠ_L} Ψ(N), and

2. for any meta-variable declaration X:_ΓA ∈ Σ, we have Ψ(Γ) ⊢ Ψ(X) : Ψ(A).

In this case we say that Σ is a solvable signature. Furthermore, if for all meta-variables X in Σ, Ψ(X) is a
λΠ_L-normal form, we say that Ψ is a normal solution to Σ.

Notice that, according to the previous definition, if Ψ is a solution to a constrained signature Σ then, for all
meta-variables X in Σ, Ψ(X) is a ground term (the judgments above are λΠ_L judgments without a signature,
so no meta-variable may remain). If Ψ is also normal, then Ψ(X) is pure.

Definition 3.9 (Equivalent solutions). Let Ψ1, Ψ2 be solutions to a valid constrained signature Σ.
They are said to be equivalent, denoted Ψ1 =_{λΠ_L} Ψ2, if and only if for all X in Σ, Ψ1(X) =_{λΠ_L} Ψ2(X).

Whether or not a valid constrained signature is solvable is undecidable in the general case. In
particular, it requires deciding the existence of solutions for constraints of the form (X M1 ... Mi) ~
(Y N1 ... Nj), where X and Y are meta-variables, and solving the inhabitation problem in a dependent-type
system. Both problems are known to be undecidable [29, 4].

Some kinds of signatures can be discharged trivially.

Remark 1. If a valid constrained signature Σ is solvable, then there exists a normal solution to Σ.

Definition 3.10 (Failure signature). Let Σ be the λΠ_L-normal form of a valid constrained signature;
we say that Σ is a failure signature if it contains a constraint relating two ground terms in λΠ_L-normal form
which are not identical.

Remark  2.  Failure  signatures  are  not  solvable. 

The Cantor's theorem example can be described in our formalism as follows. Let Γ =
h : Πp:(nat → bool) → bool. Πx:nat → bool. (eq (p x) (not (p (f (g x))))).
eq : bool → bool → Type. not : bool → bool.
g : (nat → bool) → nat. f : nat → nat → bool. bool : Type. nat : Type,
and Σ = X:_Γ(eq Y Y). Y:_Γbool. The following parallel instantiation Ψ is a solution to Σ:

Ψ(Y) = (not (f (g λy:nat.(not (f y y))) (g λy:nat.(not (f y y)))))

Ψ(X) = (h λx:nat → bool.(x (g λy:nat.(not (f y y)))) λy:nat.(not (f y y))).

In the process of finding that solution, we have first solved the constrained signature Σ' =

(eq (Xp Xx) (not (Xp (f (g Xx))))) ~_Γ (eq Y Y).
Xx:_Γ nat → bool. Xp:_Γ (nat → bool) → bool. X:_Γ(eq Y Y). Y:_Γ bool,

which has the solution

Ψ'(Xp) = λx:nat → bool.(x (g λy:nat.(not (f y y))))

Ψ'(Xx) = λy:nat.(not (f y y))

Ψ'(Z) = Ψ(Z), otherwise.

It can be verified that, for example, Ψ'((eq (Xp Xx) (not (Xp (f (g Xx)))))) =_{λΠ_L} Ψ'((eq Y Y)). Indeed,
writing G for (g λy:nat.(not (f y y))), we have Ψ'(Xp Xx) = (λx:nat → bool.(x G) λy:nat.(not (f y y)))
→β (λy:nat.(not (f y y)) G) →β (not (f G G)), and Ψ'(not (Xp (f (g Xx)))) = (not (λx:nat → bool.(x G) (f G)))
→β (not (f G G)); both sides are therefore convertible to Ψ'(Y).

In the rest of this section, we describe a method to find a solution to a constrained signature via
refinement steps. In the example above, Σ' is a refinement of Σ, and thus a solution to Σ can be deduced
from a solution to Σ'.

3.3. The construction steps: Elementary graftings. We want to solve a constrained signature via
successive instantiations of meta-variables. Each of these instantiations is called an elementary grafting.²

Definition 3.11 (Grafting). A grafting is an instantiation of a meta-variable, with possibly new
declarations of meta-variables and constraints. Let X be a meta-variable, M be a term, and Σ' be a constrained
signature; the grafting of X with M in Σ' is denoted by {X/_{Σ'}M}.

Valid graftings (in Σ) are defined by the following typing rule, where the meta-variables declared in Σ'
are required not to be declared in Σ,

$$\frac{\Vdash \Sigma \qquad \Sigma = \Sigma_2.\ X:_{\Gamma}A.\ \Sigma_1 \qquad \Sigma'.\Sigma_1;\Gamma \Vdash M : A}{\Sigma \Vdash \{X/_{\Sigma'}M\}}\ (\text{Grafting})$$

In the previous definition, Σ' contains only the additional meta-variables and constraints that are necessary
to type M. Moreover, Σ2. Σ'. Σ1 is a conservative extension of Σ, i.e., all the expressions that are
typeable in Σ are typeable in Σ2. Σ'. Σ1 too. In particular, it holds that ⊩ Σ'. Σ1.

The grafting {X/_{Σ'}M} can be applied to an expression or a context in the same way as the instantiation
{X/M}. However, only valid graftings can be applied to constrained signatures. Let Σ be a valid constrained
signature; the application of the grafting {X/_{Σ'}M} to Σ instantiates the meta-variable X with M in Σ, and
installs Σ' in the right place of Σ.

Definition 3.12 (Application of grafting). Let Σ = Σ2. X:_ΓA. Σ1 such that Σ ⊩ {X/_{Σ'}M}; then

Σ{X/_{Σ'}M} = (Σ2. Σ'. Σ1){X/M}.


The application of a valid grafting preserves typing.

Lemma 3.13. Let Σ be a valid constrained signature such that Σ ⊩ {X/_{Σ'}M},

1. if ⊩ Σ;Γ, then ⊩ Σ{X/_{Σ'}M}; Γ{X/M},

2. if Σ;Γ ⊩ N : A, then Σ{X/_{Σ'}M}; Γ{X/M} ⊩ N{X/M} : A{X/M}, and

3. if Σ;Γ ⊩ S ▷ Δ, then Σ{X/_{Σ'}M}; Γ{X/M} ⊩ S{X/M} ▷ Δ{X/M}.

Proof.  By  induction  on  the  typing  derivations.  The  proof  uses  Proposition  2.10.  □ 

The reduction to λΠ_L-normal form of a constrained signature preserves its valid graftings.

² In Dowek's method, they are called elementary substitutions.
Lemma 3.14. Let Σ be a valid constrained signature; Σ ⊩ {X/_{Σ'}M} if and only if (Σ)↓_{λΠ_L} ⊩ {X/_{Σ'}M}.
Proof. We show that Σ ⊩ {X/_{Σ'}M} implies (Σ)↓ ⊩ {X/_{Σ'}M}. The other direction is similar. By
Lemma 3.6, (Σ)↓ is a valid constrained signature. By Definition 3.5, Σ and (Σ)↓ declare exactly the
same meta-variables; hence, by hypothesis, the meta-variables declared in Σ' are not in (Σ)↓. Since Σ has the
form Σ'2. X:_{Γ'}A'. Σ'1, (Σ)↓ has the form Σ2. X:_ΓA. Σ1, where

1. Σ'. Σ'1; Γ' ⊩ M : A', and

2. Σ1 = (Σ'1)↓, Γ = (Γ')↓, A = (A')↓.

From (1) and (2), since Γ' and A' are convertible to their normal forms Γ and A, we get Σ'. Σ'1;Γ ⊩ M : A.
Therefore, by Lemma 3.6 and (2), Σ'. Σ1;Γ ⊩ M : A. □

In our Cantor's theorem example we verify that

Σ ⊩ {X/_{Σ'}(h Xp Xx)},

where Σ = X:_Γ(eq Y Y). Y:_Γbool, and Σ' =

(eq (Xp Xx) (not (Xp (f (g Xx))))) ~_Γ (eq Y Y).
Xx:_Γ nat → bool. Xp:_Γ (nat → bool) → bool.

In fact, Σ' declares only meta-variables that are not already declared in Σ (thus Σ' can be safely installed in
Σ), X is declared in Σ, and

Σ'. Y:_Γbool; Γ ⊩ (h Xp Xx) : (eq Y Y).

Then, by Definition 3.11,

Σ ⊩ {X/_{Σ'}(h Xp Xx)}.

Given a constrained signature, the choice of the next meta-variable to solve is crucial. Since properties
like confluence and normalization are available for any typeable expression in a prefix of a constrained
signature without constraints, the meta-variables in such prefixes are the appropriate ones to solve first.
The next property states that such meta-variables exist.

Lemma 3.15. Let Σ be the λΠ_L-normal form of a valid constrained signature such that Σ ≠ ε and Σ is
not a failure signature. Then Σ has the form Σ2. X:_ΓA. Σ1, where

1. Σ1 does not contain constraints, and

2. ⊢ X:_ΓA. Σ1.

Proof. The constrained signature Σ is not empty, so it has at least one element. Assume that the first
element (the one declared first, i.e., the rightmost in our notation) is a constraint M ~_Γ N. By hypothesis
and Lemma 3.6, ⊩ Σ. Hence, it holds that ⊩ M ~_Γ N (the signature consisting of this constraint alone).
By inversion of rule (Constraint), Γ ⊩ M : B and Γ ⊩ N : B in the empty signature. Since M, N, B are
well-typed without meta-variables, they are ground, and by Lemma 3.4, it holds that Γ ⊢ M : B and
Γ ⊢ N : B. Since Σ is a signature in λΠ_L-normal form, M and N are not identical (otherwise the constraint
would have been removed by Definition 3.5). But this is not possible because Σ is not a failure signature.
Therefore, the first element of Σ is not a constraint, and thus Σ has the form Σ2. X:_ΓA. Σ1, where Σ1 does
not contain constraints. By the typing rules, we have ⊩ X:_ΓA. Σ1, and thus, by Lemma 3.4, ⊢ X:_ΓA. Σ1. □

The type of a meta-variable gives enough information to guess a valid grafting. Assume, for example,
that a meta-variable X has type A. If A = Kind, then by inversion of the typing rule (Type), X may be
instantiated with Type. But also, by inversion of the rule (Prod), X may be instantiated with the term ΠZ.Y,
where Z is a new meta-variable whose type is one of the sorts {Kind, Type}, and Y is a new meta-variable of
type A (notice that Y must be declared in the context Z.Γ, i.e., Γ extended with a variable declaration of
type Z). This case also applies if A = Type.




If A is a product, i.e., A = ΠA1.A2, by inversion of the rule (Abs), we can instantiate X with the term
λA1.Y where Y is a new meta-variable of type A2 (declared in the context A1.Γ, i.e., Γ extended with a
variable declaration of type A1).

In any case, by inversion of the rule (Appl), it is always possible to instantiate X with the term
(Y Z), where Y is a meta-variable of type ΠYb.Ya, Z is a meta-variable of type Yb, Yb is a meta-variable
whose type is one of the sorts {Kind, Type}, Ya is a meta-variable with the same type as A (declared in the
context Yb.Γ), and the constraint A ~ Ya[Z ·_{Yb} ↑⁰] is added to the constrained signature. However, since we
are interested in solutions modulo =_{λΠ_L}, any normal instantiation of Y has the form (n M1 ... Mi) where
n is a variable. Using this remark, we simplify the current case by using the variables of the context in
which the meta-variable X has been declared. Assume a variable declaration n : ΠA1 ... ΠAj.B1. The
meta-variable X can be instantiated with the term (n X1 ... Xi) of type B2, where i ≤ j, X1, ..., Xi are new
meta-variables of the right types (according to the type of n), and the constraint A ~ B2 is added to the
constrained signature. We call this case imitation, because it is very similar to the imitation rule of
higher-order unification algorithms [22].

The imitation case, as described so far, is not complete. In a polymorphic type system such as the
Calculus of Constructions, if the type of a term M is Πx:A.B, where B is not a product, the type of (M N)
may still be a product. That is, the number of arguments of M is not bounded by the number of products in
its type. Take for example the context O : nat. nat : Type. P : Πx:Type.x. In this context,
(P nat) : nat, (P (nat → nat) O) : nat, (P (nat → nat → nat) O O) : nat, and so on. In fact, for any natural
number i > 0, there exist M1, ..., Mi such that (P M1 ... Mi) : nat.

The fact that the number of arguments of a term is not fixed by its type is called splitting [21]. Splitting
raises technical problems in higher-order unification algorithms and, consequently, in proof-synthesis methods [13].

Given the valid judgment Σ;Γ ⊢ M : ΠA1 ... ΠAi.B, where B is not a product, for any j ≥ 0 there exists
a term N of the form (M X1 ... Xj) which is well-typed in a constrained signature extending Σ. The term N
is called an imitation of M of grade j. Furthermore, if j > i, then (j − i) is the splitting grade of N.
Otherwise, the splitting grade of N is 0. We now describe a method to build imitations of arbitrary
splitting grade.

Definition 3.16 (Imitation with splitting). Let Σ be a signature, without constraints, in λΠ_L-normal
form, M be a term such that Σ;Γ ⊢ M : A, and Σ;Γ ⊢ A : s where s ∈ {Kind, Type}. For i ≥ 0, the set of
imitations of M of grade i, denoted [Σ;Γ ⊢ M : A]^i, is a set of judgments in λΠ_L with constraints defined
by induction on i as follows.

• If i = 0, then [Σ;Γ ⊢ M : A]^0 = {Σ;Γ ⊩ M : A}.

• If i > 0, then for all Σ';Γ ⊩ N : B in [Σ;Γ ⊢ M : A]^{i−1}, we take the union of the following sets
of judgments:³

– If B has the form ΠA1.A2, then

$$\{\ \Sigma''.\ \Sigma';\Gamma \Vdash N' : B' \ \mid\ \Sigma'' = X:_{\Gamma}A_1,\ X \text{ is a fresh meta-variable},\ N' = (N\ X),\ B' = (A_2[X \cdot_{A_1} \uparrow^{0}])\!\downarrow_{\Pi_L}\ \}$$

– Otherwise (this is the case of splitting),

$$\{\ \Sigma''.\ \Sigma';\Gamma \Vdash N' : B' \ \mid\ \Sigma'' = B \sim_{\Gamma} \Pi Y_1.Y_2.\ X:_{\Gamma}Y_1.\ Y_2:_{Y_1.\Gamma}s_2.\ Y_1:_{\Gamma}s_1,\ X, Y_1, Y_2 \text{ are fresh meta-variables},\ s_1 \in \{Kind, Type\},\ s_2 = s,\ N' = (N\ X),\ B' = (Y_2[X \cdot_{Y_1} \uparrow^{0}])\!\downarrow_{\Pi_L}\ \}$$

³ We recall that Π_L is strongly normalizing (Lemma 2.1).

We verify that the judgments in the set [Σ;Γ ⊢ M : A]^i are valid.

Lemma 3.17. Let Σ be a signature in λΠ_L-normal form, M be a term such that Σ;Γ ⊢ M : A, and
Σ;Γ ⊢ A : s where s ∈ {Kind, Type}. For i ≥ 0, the elements of [Σ;Γ ⊢ M : A]^i are valid judgments.

Proof. By induction on i. The base case holds by Lemma 3.4. In the induction step we use the rules
(Appl), (Conv), and the fact that reduction to Π_L-normal form preserves typing. □
We now formally define the elementary graftings.

Definition 3.18 (Elementary graftings). Let Σ be the λΠ_L-normal form of a valid constrained signature
such that Σ ≠ ε and Σ is not a failure signature. We choose a meta-variable X in Σ, i.e., Σ = Σ2. X:_ΓA. Σ1,
such that ⊢ X:_ΓA. Σ1. Such a meta-variable exists by Lemma 3.15. We define the following graftings by
case analysis on A (the cases are not disjoint):

1. A = Kind. We consider the grafting {X/_ε Type}.

2. A ∈ {Kind, Type}. For any s ∈ {Kind, Type}, we consider the grafting {X/_{Σ'} ΠZ.Y}, where Z, Y are
fresh meta-variables, and Σ' = Y:_{Z.Γ}A. Z:_Γ s.

3. A = ΠA1.A2. We consider the grafting {X/_{Σ'} λA1.Y}, where Y is a fresh meta-variable, and Σ' =
Y:_{A1.Γ}A2.

4. Σ1;Γ ⊢ A : s1, s1 ∈ {Kind, Type}. For all variables n in the context Γ, i.e., 1 ≤ n ≤ |Γ|, such that
Σ1;Γ ⊢ n : B (B is a λΠ_L-normal form), and for i ≥ 0, we consider all the graftings

{X/_{A ~_Γ A'. Σ'} M}

where Σ'. Σ1;Γ ⊩ M : A' is in [Σ1;Γ ⊢ n : B]^i.

All the graftings considered above form the set of elementary graftings of the meta-variable X in Σ.

Due to the splitting rule, the set of elementary graftings of one meta-variable is potentially infinite.
Some of the elementary graftings lead to failure signatures. Early detection of failure signatures allows
the pruning of the search space of valid graftings. This is why we keep constrained signatures in λΠ_L-normal
form.

We verify that the elementary graftings are valid graftings.

Theorem 3.19 (Elementary graftings). Let Σ be the λΠ_L-normal form of a valid constrained signature
such that Σ ≠ ε and Σ is not a failure signature. If X is a meta-variable in Σ which is well-typed
without constraints, then the elementary graftings of X are valid graftings in Σ.

Proof. By Lemma 3.15, Σ has the form Σ2. X:_ΓA. Σ1. First, we verify that

(3.1) ⊢ Σ1;Γ,

(3.2) A = Kind or Σ1;Γ ⊢ A : s, s ∈ {Kind, Type}.

Then we reason by case analysis on A, and we consider all the elementary graftings of X.
• A = Kind. Using Eq. 3.1 with the rule (Type), we get Σ1;Γ ⊢ Type : Kind. Therefore,
Σ ⊩ {X/_ε Type}.

• A ∈ {Kind, Type}. For any s' ∈ {Kind, Type}, we consider the grafting {X/_{Σ'} ΠZ.Y}, where Y, Z are
fresh meta-variables, and Σ' = Y:_{Z.Γ}A. Z:_Γ s'. We consider two cases according to the form of s'.

– s' = Kind. We have the derivation

$$\frac{\text{Eq. 3.1}}{\vdash Z:_{\Gamma}Kind.\ \Sigma_1}\ (\text{Meta-Var-Decl}_1)$$

– s' = Type. We have the derivation

$$\frac{\dfrac{\text{Eq. 3.1}}{\Sigma_1;\Gamma \vdash Type : Kind}\ (\text{Type})}{\vdash Z:_{\Gamma}Type.\ \Sigma_1}\ (\text{Meta-Var-Decl}_2)$$

In both cases,

(3.3) ⊢ Z:_Γ s'. Σ1.

The derivation continues as follows

$$\frac{\dfrac{\text{Eq. 3.3}}{Z:_{\Gamma}s'.\ \Sigma_1;\Gamma \vdash Z : s'}\ (\text{Meta-Var})}{\vdash Z:_{\Gamma}s'.\ \Sigma_1;\ Z.\Gamma}\ (\text{Var-Decl})$$

Now, we consider two cases according to the form of A.

– A = Kind. We have the derivation

$$\frac{\vdash Z:_{\Gamma}s'.\ \Sigma_1;\ Z.\Gamma}{\vdash Y:_{Z.\Gamma}Kind.\ Z:_{\Gamma}s'.\ \Sigma_1}\ (\text{Meta-Var-Decl}_1)$$

– A = Type. We have the derivation

$$\frac{\dfrac{\vdash Z:_{\Gamma}s'.\ \Sigma_1;\ Z.\Gamma}{Z:_{\Gamma}s'.\ \Sigma_1;\ Z.\Gamma \vdash Type : Kind}\ (\text{Type})}{\vdash Y:_{Z.\Gamma}Type.\ Z:_{\Gamma}s'.\ \Sigma_1}\ (\text{Meta-Var-Decl}_2)$$

In both cases,

(3.4) ⊢ Y:_{Z.Γ}A. Z:_Γ s'. Σ1.

But also, using the typing of Z obtained above for the first premise of (Prod),

$$\frac{\dfrac{\text{Eq. 3.4}}{Y:_{Z.\Gamma}A.\ Z:_{\Gamma}s'.\ \Sigma_1;\ Z.\Gamma \vdash Y : A}\ (\text{Meta-Var})}{Y:_{Z.\Gamma}A.\ Z:_{\Gamma}s'.\ \Sigma_1;\ \Gamma \vdash \Pi Z.Y : A}\ (\text{Prod})$$

Therefore, Σ ⊩ {X/_{Σ'} ΠZ.Y}.

• A = ΠA1.A2. We consider the grafting {X/_{Σ'} λA1.Y}, where Y is a fresh meta-variable, and Σ' =
Y:_{A1.Γ}A2. As in the previous case (Eq. 3.2 gives, by inversion of (Prod), the typing of A1 in Γ and of A2 in
A1.Γ needed to declare Y), we have the derivation

$$\frac{\dfrac{\text{Eq. 3.2}}{\Sigma'.\ \Sigma_1;\ A_1.\Gamma \vdash Y : A_2}\ (\text{Meta-Var})}{\Sigma'.\ \Sigma_1;\ \Gamma \vdash \lambda A_1.Y : \Pi A_1.A_2}\ (\text{Abs})$$

Therefore, Σ ⊩ {X/_{Σ'} λA1.Y}.

• For 1 ≤ n ≤ |Γ| such that Σ1;Γ ⊢ n : B (B is a λΠ_L-normal form), we consider all the graftings

{X/_{A ~_Γ A'. Σ'} M}

where Σ'. Σ1;Γ ⊩ M : A' is in [Σ1;Γ ⊢ n : B]^i, i ≥ 0. By Lemma 3.17,

(3.5) Σ'. Σ1;Γ ⊩ M : A',

(3.6) Σ'. Σ1;Γ ⊩ A' : s.

We also have, using Eq. 3.2 (weakened to Σ'. Σ1) and Eq. 3.6 for the premises of (Constraint), and then
the fact that A =_{A ~_Γ A'. Σ'. Σ1} A' by Definition 3.2,

$$\frac{\Sigma'.\ \Sigma_1;\ \Gamma \Vdash A : s \qquad \text{Eq. 3.6}}{\Vdash A \sim_{\Gamma} A'.\ \Sigma'.\ \Sigma_1}\ (\text{Constraint})$$

$$\frac{\text{Eq. 3.5} \qquad \Sigma'.\ \Sigma_1;\ \Gamma \Vdash A : s \qquad A' =_{A \sim_{\Gamma} A'.\ \Sigma'.\ \Sigma_1} A}{A \sim_{\Gamma} A'.\ \Sigma'.\ \Sigma_1;\ \Gamma \Vdash M : A}\ (\text{Conv})$$

Therefore, Σ ⊩ {X/_{A ~_Γ A'. Σ'} M}.

□

3.4. Splitting in λΠ. In a calculus without polymorphism, such as λΠ, splitting is not possible. Thus,
in that case the number of arguments of a variable is fixed by its type. In our version of λΠ using the
λΠ_L-calculus, splitting is still possible since we allow meta-variables of types and kinds.

However, some simplifications are still possible.

A term having the form (X[S] M1 ... Mi) or (X M1 ... Mi), i ≥ 0, where X is a meta-variable, is said to be
flexible. A term having the form Type, Kind, or (n M1 ... Mi), i ≥ 0, where n is a variable, is said to be rigid.
Consider a term M such that Σ;Γ ⊩ M : ΠA1 ... ΠAi.B in λΠ. If B is a λΠ_L-normal form and it is not a
product, it is either flexible or rigid. If B is flexible, the number of arguments of M depends on the actual
parameters of M. If B is rigid, the number of arguments of M cannot be greater than i. In that case, we may
consider imitations of M only of grade j ≤ i; since their splitting grade is 0, the set of such imitations is
finite (modulo renaming of fresh meta-variables).

3.5. Putting everything together: The method. Given a constrained signature Σ, we solve each
meta-variable by exploring the set of its elementary graftings. We can organize the search of elementary
graftings as follows.

Definition 3.20 (Search tree). Let Σ be a valid constrained signature; we build a search tree of Σ,
where nodes are labeled by constrained signatures in λΠ_L-normal form and edges by elementary graftings, in
the following way:

• The root is labeled by (Σ)↓_{λΠ_L}.

• Nodes labeled by the empty signature or by failure signatures are leaves.

• If a node is labeled by a signature Σ which is neither empty nor a failure signature, we choose a
meta-variable X in Σ which is well-typed in a signature without constraints and, for each elementary
grafting {X/_{Σ'}M} of X, we grow an edge labeled by this elementary grafting to a new node labeled
by (Σ{X/_{Σ'}M})↓_{λΠ_L}.

We claim that if there exists a node labeled by the empty signature in a search tree of Σ, then Σ is
solvable, and a solution can be found by composing sequentially all the elementary graftings along the path
in the search tree leading to the node labeled by the empty signature. Conversely, if there exists a solution
to a constrained signature Σ, it can be found, modulo =_{λΠ_L}, in a search tree of Σ. These two properties,
soundness and completeness, are proved in Section 4.
A semi-algorithm to solve a valid constrained signature is to enumerate the nodes of a search tree looking
for a leaf labeled by the empty signature. Notice that the enumeration must cope with infinite paths in the
tree, and also with infinite branching, because the set of elementary graftings of a meta-variable is potentially
infinite.

Example 1 (Revisited Cantor's theorem example). Let $\Gamma$ be the context

$h : \Pi p{:}(nat \to bool) \to bool.\ \Pi x{:}nat \to bool.\ (eq\ (p\ x)\ (not\ (p\ (f\ (g\ x))))).$
$eq : bool \to bool \to Type.\ not : bool \to bool.$
$g : (nat \to bool) \to nat.\ f : nat \to nat \to bool.\ bool : Type.\ nat : Type,$

and $\Sigma = X{:}_\Gamma (eq\ Y\ Y).\ Y{:}_\Gamma bool$. Find a solution to $\Sigma$.

A search tree is built from the root $\Sigma$ (notice that it is a $\lambda\Pi_{\mathcal{L}}$-normal form). Since $\Sigma$ does not contain constraints, we can take any meta-variable of $\Sigma$ to solve. Let us choose the meta-variable $X$. The type of $X$ is neither a product nor a sort. Therefore, the only elementary graftings that are possible for this meta-variable are those generated by the imitation step. We instantiate $X$ with an imitation of grade 2 of the variable $h$ (no splitting takes place),

$$[\Sigma;\Gamma \vdash h : \Pi p{:}(nat \to bool) \to bool.\ \Pi x{:}nat \to bool.\ (eq\ (p\ x)\ (not\ (p\ (f\ (g\ x)))))]^2 =$$
$$\{\Sigma';\Gamma \vdash (h\ X_p\ X_x) : (eq\ (X_p\ X_x)\ (not\ (X_p\ (f\ (g\ X_x)))))\ \mid\ X_x, X_p \text{ are fresh meta-variables},\ \Sigma' = X_x{:}_\Gamma nat \to bool.\ X_p{:}_\Gamma (nat \to bool) \to bool\}.$$

We label an edge with the elementary grafting

$$\{X/_{\Sigma_1} (h\ X_p\ X_x)\},$$

where

$$\Sigma_1 = (eq\ (X_p\ X_x)\ (not\ (X_p\ (f\ (g\ X_x))))) \sim_\Gamma (eq\ Y\ Y).\ X_x{:}_\Gamma nat \to bool.\ X_p{:}_\Gamma (nat \to bool) \to bool.$$

This edge points to the constrained signature

$$(eq\ (X_p\ X_x)\ (not\ (X_p\ (f\ (g\ X_x))))) \sim_\Gamma (eq\ Y\ Y).\ X_x{:}_\Gamma nat \to bool.\ X_p{:}_\Gamma (nat \to bool) \to bool.\ Y{:}_\Gamma bool.$$

Notice that the meta-variable $X$ is no longer in the signature. Instead, there are new meta-variables $X_x$ and $X_p$, together with a constraint relating the type of $(h\ X_p\ X_x)$ to the type $(eq\ Y\ Y)$ of $X$. At this stage, any meta-variable can be chosen. We solve the meta-variable $X_x$ of type $nat \to bool$. An elementary grafting of this meta-variable is

$$\{X_x/_{\Sigma_2} \lambda y{:}nat.Z\},$$

where $\Sigma_2 = Z{:}_{\Gamma.y:nat} bool$. We label a new edge with this elementary grafting. It points to the constrained signature

$$(eq\ (X_p\ \lambda y{:}nat.Z)\ (not\ (X_p\ (f\ (g\ \lambda y{:}nat.Z))))) \sim_\Gamma (eq\ Y\ Y).\ Z{:}_{\Gamma.y:nat} bool.\ X_p{:}_\Gamma (nat \to bool) \to bool.\ Y{:}_\Gamma bool.$$

Eventually, after some iterations, an empty signature is obtained. A solution can be found by composing all the elementary graftings along the path of the search tree leading to the empty signature.
4. Soundness and Completeness.

4.1. Soundness. We claim that if $\Sigma_1 \xrightarrow{\theta_1} \Sigma_2 \xrightarrow{\theta_2} \cdots \xrightarrow{\theta_{n-1}} \Sigma_n$ is a path of the search tree of a valid constrained signature $\Sigma$, such that $\Sigma_1 = (\Sigma)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$ and $\Sigma_n = \epsilon$, the sequential composition of the graftings $\theta_1, \ldots, \theta_{n-1}$ results in a solution to $\Sigma$.

The proof of this statement goes as follows. First, we describe which lists of graftings are valid with respect to a valid constrained signature. These lists are called sequential graftings. Next, we characterize the sequential graftings that lead to an empty signature. They are called derivations. The key points of the proof are:

1. The sequential composition of the graftings in a derivation of $\Sigma$ is a solution to $\Sigma$.

2. A path from the root of a search tree of $\Sigma$ leading to an empty signature is a derivation of $\Sigma$.

The soundness theorem is a consequence of (1) and (2).

Definition 4.1 (Sequential grafting). A list $\psi = (\theta_1, \ldots, \theta_i)$, $i \geq 0$, of graftings is a sequential grafting of a valid constrained signature $\Sigma$ if and only if

• $\psi$ is the empty list, i.e., $i = 0$, or

• $\Sigma \vdash \theta_1$ and $(\theta_2, \ldots, \theta_i)$ is a sequential grafting of $\Sigma\theta_1$.

The application of $\psi$ to $\Sigma$ is defined as $\Sigma\psi = ((\Sigma\theta_1)\ldots)\theta_i$. We overload this notation to apply sequential graftings to expressions and contexts.

Definition 4.2 (Derivation). A sequential grafting $\psi$ of a valid constrained signature $\Sigma$ is called a derivation of $\Sigma$ if and only if $(\Sigma\psi)\!\downarrow_{\lambda\Pi_{\mathcal{L}}} = \epsilon$.

Remark 3. Failure signatures do not have derivations.

Definition 4.3 (Sequential composition). Let $\psi$ be a sequential grafting of a valid constrained signature $\Sigma$. The sequential composition of $\psi$, denoted by $\overline{\psi}$, is the parallel instantiation defined for all $X$ in $\Sigma$ as $\overline{\psi}(X) = X\psi$.
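Definitions 4.1 and 4.3 carried out on the first two edges of Example 1, as an added example (not code from the paper or from its implementation). The term representation, the first-order replacement used for grafting and the `show` renderer are a small constructed model of the pure syntax, and the function names are assumptions of this example; the two graftings are the ones labeling the edges of Example 1. Since $\psi$ is only a sequential grafting and not a derivation, $Y$ stays unsolved in $\overline{\psi}$, and applying the same two graftings in the opposite order leaves $X_x$ unsolved, which is why the composition is sequential.

```python
"""Sequential graftings and their composition (Definitions 4.1 and 4.3)."""
from dataclasses import dataclass
from typing import Dict, List, Union


@dataclass(frozen=True)
class Var:          # object variable or constant of the context, e.g. h, nat
    name: str


@dataclass(frozen=True)
class Meta:         # meta-variable, e.g. X, Xp, Xx, Y, Z
    name: str


@dataclass(frozen=True)
class App:          # application (M N)
    fun: "Term"
    arg: "Term"


@dataclass(frozen=True)
class Lam:          # abstraction \x:A.M
    var: str
    ty: "Term"
    body: "Term"


Term = Union[Var, Meta, App, Lam]
Grafting = Dict[str, Term]      # the grafting {X/M} is represented as {"X": M}


def app(head: Term, *args: Term) -> Term:
    """Left-nested application (h M1 ... Mn)."""
    for a in args:
        head = App(head, a)
    return head


def graft(t: Term, theta: Grafting) -> Term:
    """Apply the grafting theta to t.  Grafting is first-order replacement of
    meta-variables: a meta-variable stands for a hole whose context is fixed by
    its declaration, so no renaming of bound variables is needed."""
    if isinstance(t, Meta):
        return theta.get(t.name, t)
    if isinstance(t, App):
        return App(graft(t.fun, theta), graft(t.arg, theta))
    if isinstance(t, Lam):
        return Lam(t.var, graft(t.ty, theta), graft(t.body, theta))
    return t


def apply_sequential(t: Term, psi: List[Grafting]) -> Term:
    """t psi = ((t theta_1) ...) theta_i, the overloaded notation of Definition 4.1."""
    for theta in psi:
        t = graft(t, theta)
    return t


def sequential_composition(metas: List[str], psi: List[Grafting]) -> Grafting:
    """The parallel instantiation psi-bar with psi-bar(X) = X psi (Definition 4.3),
    defined on the meta-variables declared in the original signature."""
    return {x: apply_sequential(Meta(x), psi) for x in metas}


def show(t: Term) -> str:
    """Render a term with application spines flattened, e.g. (h Xp \\y:nat.Z)."""
    if isinstance(t, (Var, Meta)):
        return t.name
    if isinstance(t, Lam):
        return f"\\{t.var}:{show(t.ty)}.{show(t.body)}"
    spine, head = [], t
    while isinstance(head, App):
        spine.append(head.arg)
        head = head.fun
    return "(" + " ".join(show(s) for s in [head] + spine[::-1]) + ")"


# The two edges of Example 1: X is imitated by (h Xp Xx), then Xx by \y:nat.Z.
THETA_1: Grafting = {"X": app(Var("h"), Meta("Xp"), Meta("Xx"))}
THETA_2: Grafting = {"Xx": Lam("y", Var("nat"), Meta("Z"))}
PSI: List[Grafting] = [THETA_1, THETA_2]


def cantor_composition() -> Grafting:
    """psi-bar for the meta-variables X and Y of the root signature of Example 1."""
    return sequential_composition(["X", "Y"], PSI)


def cantor_reversed() -> Term:
    """What X becomes if the two graftings are applied in the wrong order."""
    return apply_sequential(Meta("X"), PSI[::-1])


if __name__ == "__main__":
    for x, m in cantor_composition().items():
        print(f"{x} -> {show(m)}")      # X -> (h Xp \y:nat.Z), Y -> Y
    print(show(cantor_reversed()))      # (h Xp Xx)
```

Applying $\overline{\psi}$ once, as a parallel instantiation, to any term over the root's meta-variables gives the same result as applying $\theta_1$ and then $\theta_2$, which is exactly the content of Definition 4.3; the reversed order shows that the list is not a set.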

The next propositions are proved at the end of this section. They are the key to proving the soundness theorem.

Proposition 4.4. If $\psi$ is a derivation of a valid constrained signature $\Sigma$, then $\overline{\psi}$, the sequential composition of $\psi$, is a solution to $\Sigma$.

Proposition 4.5. Let $\Sigma_1 \xrightarrow{\theta_1} \Sigma_2 \xrightarrow{\theta_2} \cdots \xrightarrow{\theta_{n-1}} \Sigma_n$, $n > 0$, be a path of a search tree of a valid constrained signature $\Sigma$ such that $\Sigma_1 = (\Sigma)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$. Then the list of graftings $\psi = (\theta_1, \ldots, \theta_{n-1})$ is a sequential grafting of $\Sigma$, and for $0 < i \leq n$, $\Sigma_i = (\Sigma\psi_i)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$, where $\psi_i = (\theta_1, \ldots, \theta_{i-1})$ is the prefix of $\psi$ leading to $\Sigma_i$.

Theorem 4.6 (Soundness). Let $(\Sigma)\!\downarrow_{\lambda\Pi_{\mathcal{L}}} \xrightarrow{\psi} \epsilon$ be a path of a search tree of a valid constrained signature $\Sigma$, where $\psi$ is the list of elementary graftings labeling its edges. Then the sequential composition $\overline{\psi}$ of $\psi$ is a solution to $\Sigma$.

Proof. By Proposition 4.5, $\psi$ is a sequential grafting of $\Sigma$, and $\epsilon = (\Sigma\psi)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$. Therefore, by Definition 4.2, $\psi$ is a derivation of $\Sigma$. Finally, by Proposition 4.4, the sequential composition of $\psi$, i.e., $\overline{\psi}$, is a solution to $\Sigma$. □

The rest of this section is dedicated to the proof of Proposition 4.4 and Proposition 4.5.

First, we prove that sequential graftings preserve typing.

Lemma 4.7. Let $\psi$ be a sequential grafting of a valid constrained signature $\Sigma$,

1. if $\vdash \Sigma;\Gamma$, then $\vdash \Sigma\psi;\Gamma\psi$,

2. if $\Sigma;\Gamma \vdash M : A$, then $\Sigma\psi;\Gamma\psi \vdash M\psi : A\psi$, and

3. if $\Sigma;\Gamma \vdash S \triangleright \Delta$, then $\Sigma\psi;\Gamma\psi \vdash S\psi \triangleright \Delta\psi$.

Proof. We reason by induction on the length of the list $\psi$ and Lemma 3.13. □
Proposition 4.4. If $\psi$ is a derivation of a valid constrained signature $\Sigma$, then $\overline{\psi}$ is a solution to $\Sigma$.

Proof. Since $\Sigma$ is a valid constrained signature, for any constraint $M_1 \sim_\Gamma M_2$ and meta-variable declaration $X{:}_\Delta A$ in $\Sigma$,

(4.1) $\Sigma;\Gamma \vdash M_1 : B$,
(4.2) $\Sigma;\Gamma \vdash M_2 : B$,
(4.3) $\Sigma;\Delta \vdash X : A$.

Because $\psi$ is a sequential grafting of $\Sigma$, by Lemma 4.7,

(4.4) $\Sigma\psi;\Gamma\psi \vdash M_1\psi : B\psi$,
(4.5) $\Sigma\psi;\Gamma\psi \vdash M_2\psi : B\psi$,
(4.6) $\Sigma\psi;\Delta\psi \vdash X\psi : A\psi$.

By Lemma 3.6,

(4.7) $(\Sigma\psi)\!\downarrow_{\lambda\Pi_{\mathcal{L}}};\Gamma\psi \vdash M_1\psi : B\psi$,
(4.8) $(\Sigma\psi)\!\downarrow_{\lambda\Pi_{\mathcal{L}}};\Gamma\psi \vdash M_2\psi : B\psi$,
(4.9) $(\Sigma\psi)\!\downarrow_{\lambda\Pi_{\mathcal{L}}};\Delta\psi \vdash X\psi : A\psi$.

By Definition 4.3, $\Gamma\psi = \overline{\psi}(\Gamma)$, $\Delta\psi = \overline{\psi}(\Delta)$, $M_1\psi = \overline{\psi}(M_1)$, and $M_2\psi = \overline{\psi}(M_2)$. Since $\psi$ is a derivation of $\Sigma$, $(\Sigma\psi)\!\downarrow_{\lambda\Pi_{\mathcal{L}}} = \epsilon$. Thus, $M_1 \sim_\Gamma M_2$ is not in $(\Sigma\psi)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$. Hence, $(M_1\psi)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$ and $(M_2\psi)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$ are identical ground terms (otherwise the constraint could not be discharged). Moreover, since $\epsilon$ declares no meta-variable, (4.9) shows that each $X\psi$ is a ground term well-typed in $\Delta\psi$ with type $A\psi$. Therefore, $\overline{\psi}$ is a solution to $\Sigma$. □

Lemma 4.8. For every valid constrained signature $\Sigma$, $\psi$ is a sequential grafting of $\Sigma$ if and only if $\psi$ is a sequential grafting of $(\Sigma)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$.

Proof. By induction on the length of $\psi$. If $\psi$ is the empty list, then the conclusion is trivial by Definition 4.1. Otherwise, we use the induction hypothesis and Lemma 3.14. □

Lemma 4.9. For every valid constrained signature $\Sigma$, if $\psi$ is a sequential grafting of $(\Sigma)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$, then $(((\Sigma)\!\downarrow_{\lambda\Pi_{\mathcal{L}}})\psi)\!\downarrow_{\lambda\Pi_{\mathcal{L}}} = (\Sigma\psi)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$.

Proof. By induction on the length of $\psi$. The base case is trivial. At the induction step we use equational reasoning on $\lambda\Pi_{\mathcal{L}}$. □

Proposition 4.5. For all $n > 0$, if $\Sigma_1 \xrightarrow{\theta_1} \Sigma_2 \xrightarrow{\theta_2} \cdots \xrightarrow{\theta_{n-1}} \Sigma_n$ is a path of a search tree of a valid constrained signature $\Sigma$ such that $\Sigma_1 = (\Sigma)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$, then the list of graftings $\psi = (\theta_1, \ldots, \theta_{n-1})$ is a sequential grafting of $\Sigma$, and for $0 < i \leq n$, $\Sigma_i = (\Sigma\psi_i)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$, where $\psi_i = (\theta_1, \ldots, \theta_{i-1})$.

Proof. By induction on $n$. The base case $n = 1$ is trivial: $\psi$ is the empty list and $\Sigma_1 = (\Sigma)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$. Assume that $n > 1$ and take $\psi' = (\theta_2, \ldots, \theta_{n-1})$. By construction, $\theta_1$ is an elementary grafting of a meta-variable in $\Sigma_1$. Thus, by Theorem 3.19, $\theta_1$ is a valid grafting of $\Sigma_1$ and $\Sigma_2 = (\Sigma_1\theta_1)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$ is well-defined. The path $\Sigma_2 \xrightarrow{\theta_2} \cdots \xrightarrow{\theta_{n-1}} \Sigma_n$ is a path of a search tree of $\Sigma_1\theta_1$, so by the induction hypothesis $\psi'$ is a sequential grafting of $\Sigma_1\theta_1$, and $\Sigma_i = (\Sigma_1\theta_1(\theta_2, \ldots, \theta_{i-1}))\!\downarrow_{\lambda\Pi_{\mathcal{L}}} = (\Sigma_1\psi_i)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$ for $1 < i \leq n$. By Definition 4.1, $\psi$ is a sequential grafting of $\Sigma_1 = (\Sigma)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$, and so is each prefix $\psi_i$. Therefore, by Lemma 4.8, $\psi$ is a sequential grafting of $\Sigma$, and by Lemma 4.9 applied to each $\psi_i$, $\Sigma_i = (\Sigma\psi_i)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$. □
4.2. Completeness. The completeness property states that if there is a solution $\Psi$ to a constrained signature $\Sigma$, there exists a derivation $\psi$ of $\Sigma$ such that $\overline{\psi} =_{\lambda\Pi_{\mathcal{L}}} \Psi$. This claim is proved by induction on the size of $\Psi$.

Definition 4.10 (Size of a pure term). The size of a pure term is defined by induction over the structure of terms as follows.

• $|s| = 1$, if $s \in \{Kind, Type\}$.

• $|n| = 1$.

• $|(M\ N)| = |M| + |N| + 1$.

• $|\lambda A.M| = |A| + |M| + 1$.

• $|\Pi A.B| = |A| + |B| + 1$.

Definition 4.11 (Size of a parallel instantiation). Let $\Psi$ be a parallel instantiation of a constrained signature $\Sigma$; the size of $\Psi$, denoted by $|\Psi|$, is the sum of the sizes of $\Psi(X)$ for all $X$ in $\Sigma$.

Lemma 4.12. Let $\Sigma$ be a valid constrained signature in $\lambda\Pi_{\mathcal{L}}$-normal form. If $\Psi_\Sigma$ is a normal solution of $\Sigma$, then there exists a search tree of $\Sigma$ with a derivation $\psi$ such that $\overline{\psi} =_{\lambda\Pi_{\mathcal{L}}} \Psi_\Sigma$.

Proof. By induction on the size of $\Psi_\Sigma$ (in this proof, the index of $\Psi$ is relevant). Since $\Psi_\Sigma$ is a solution to $\Sigma$, $\Sigma$ is not a failure signature. If $\Sigma = \epsilon$, the empty list is a derivation of $\Sigma$. Otherwise, take the first meta-variable declared in $\Sigma$, namely $X{:}_\Gamma A$. This meta-variable exists by Lemma 3.15. Notice that $A$ and $\Gamma$ do not depend on any other meta-variable or constraint. We reason by case analysis on $M = \Psi_\Sigma(X)$. Since $\Sigma$ is a constrained signature in $\lambda\Pi_{\mathcal{L}}$-normal form and $\Psi_\Sigma$ is a normal solution, $M$, $A$, $\Gamma$ are ground $\lambda\Pi_{\mathcal{L}}$-normal forms.

• $M = Type$. In this case, $A = Kind$. Consider the elementary grafting of $X$, $\theta = \{X/_\epsilon Type\}$. Let $\Sigma_1 = (\Sigma\theta)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$; $\Sigma_1$ is well-defined by Lemma 3.13 and Theorem 3.19. We check that $\Psi_{\Sigma_1}(W) = \Psi_\Sigma(W)$, $W \in \Sigma_1$, is a normal solution of $\Sigma_1$, and that $|\Psi_{\Sigma_1}| < |\Psi_\Sigma|$.

• $M = \Pi A_1.A_2$. In this case, $A \in \{Kind, Type\}$ and $\Gamma \vdash A_1 : s$, $s \in \{Kind, Type\}$. Consider the elementary grafting of $X$, $\theta = \{X/_{\Sigma'} \Pi Z.Y\}$, where $Z, Y$ are fresh meta-variables and $\Sigma' = Y{:}_{\Gamma.Z} A.\ Z{:}_\Gamma s$. Let $\Sigma_1 = (\Sigma\theta)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$. We check that

$$\Psi_{\Sigma_1}(W) = \begin{cases} A_1 & \text{if } W = Z \\ A_2 & \text{if } W = Y \\ \Psi_\Sigma(W) & \text{otherwise} \end{cases}$$

is a normal solution of $\Sigma_1$, and that $|\Psi_{\Sigma_1}| < |\Psi_\Sigma|$.

• $M = \lambda A_1.N$. In this case, $A = \Pi A_1.A_2$ and $\Gamma.A_1 \vdash N : A_2$. Consider the elementary grafting of $X$, $\theta = \{X/_{\Sigma'} \lambda A_1.Y\}$, where $Y$ is a fresh meta-variable and $\Sigma' = Y{:}_{\Gamma.A_1} A_2$. Let $\Sigma_1 = (\Sigma\theta)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$. We check that

$$\Psi_{\Sigma_1}(W) = \begin{cases} N & \text{if } W = Y \\ \Psi_\Sigma(W) & \text{otherwise} \end{cases}$$

is a normal solution of $\Sigma_1$, and that $|\Psi_{\Sigma_1}| < |\Psi_\Sigma|$.

• $M = (n\ M_1 \ldots M_i)$. In this case, $\Gamma \vdash n : B$, $B$ (in $\lambda\Pi_{\mathcal{L}}$-normal form) is a product, $\Gamma \vdash A : s$, and $s \in \{Kind, Type\}$. Consider the elementary grafting of $X$, $\theta = \{X/_{A' \sim_\Gamma A.\ \Sigma'} (n\ X_1 \ldots X_i)\}$, where $\Sigma';\Gamma \vdash (n\ X_1 \ldots X_i) : A'$ is in $[\Gamma \vdash n : B]^i$. Let $\Sigma_1 = (\Sigma\theta)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$. We check that

$$\Psi_{\Sigma_1}(W) = \begin{cases} M_j & \text{if } W = X_j,\ 0 < j \leq i \\ \Psi_\Sigma(W) & \text{otherwise} \end{cases}$$

is a normal solution of $\Sigma_1$, and that $|\Psi_{\Sigma_1}| < |\Psi_\Sigma|$.
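The size decrease that the four cases rely on, made explicit (an added check, not part of the original proof; it uses only Definitions 4.10 and 4.11 and the instantiations $\Psi_{\Sigma_1}$ defined in each case, where $X$ leaves the signature and the fresh meta-variables receive proper subterms of $M$):

$$
\begin{aligned}
M = Type: \quad & |\Psi_{\Sigma_1}| = |\Psi_\Sigma| - |Type| = |\Psi_\Sigma| - 1, \\
M = \Pi A_1.A_2: \quad & |\Psi_{\Sigma_1}| = |\Psi_\Sigma| - |\Pi A_1.A_2| + |A_1| + |A_2| = |\Psi_\Sigma| - 1, \\
M = \lambda A_1.N: \quad & |\Psi_{\Sigma_1}| = |\Psi_\Sigma| - |\lambda A_1.N| + |N| = |\Psi_\Sigma| - |A_1| - 1, \\
M = (n\ M_1 \ldots M_i): \quad & |\Psi_{\Sigma_1}| = |\Psi_\Sigma| - |(n\ M_1 \ldots M_i)| + \sum_{j=1}^{i} |M_j| = |\Psi_\Sigma| - (i + 1),
\end{aligned}
$$

since $|(n\ M_1 \ldots M_i)| = |n| + \sum_{j=1}^{i} |M_j| + i$ by $i$ applications of the clause for $(M\ N)$ (for $i = 0$ the last case is $M = n$ and the decrease is $1$). In every case the decrease is at least $1$, which is what the induction on $|\Psi_\Sigma|$ needs.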

In all the cases $|\Psi_{\Sigma_1}| < |\Psi_\Sigma|$; then, by the induction hypothesis, there exists a search tree of $\Sigma_1$ with a derivation $\psi_1$ such that $\overline{\psi_1} =_{\lambda\Pi_{\mathcal{L}}} \Psi_{\Sigma_1}$. Then $\psi = (\theta, \psi_1)$ is a derivation of $\Sigma$. Since $\Psi_\Sigma(X) = \Psi_{\Sigma_1}(X\theta)$ for all $X \in \Sigma$, $\Psi_\Sigma(X) =_{\lambda\Pi_{\mathcal{L}}} X\theta\psi_1 = X\psi$. Therefore, $\overline{\psi} =_{\lambda\Pi_{\mathcal{L}}} \Psi_\Sigma$. □

Theorem 4.13 (Completeness). Let $\Sigma$ be a valid constrained signature and $\Psi$ a solution of $\Sigma$. Then there exists a search tree of $\Sigma$ with a derivation $\psi$ such that $\overline{\psi} =_{\lambda\Pi_{\mathcal{L}}} \Psi$.

Proof. If $\Psi$ is a solution of $\Sigma$, by Lemma 3.6 and Definition 3.8, $\Psi$ is a solution of $(\Sigma)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$ too. By Remark 1, the parallel instantiation $\Psi'(X) = (\Psi(X))\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$, $X \in \Sigma$, is a normal solution of $(\Sigma)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$. Hence, by Lemma 4.12, there exists a search tree of $(\Sigma)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$ with a derivation $\psi$ such that $\overline{\psi} =_{\lambda\Pi_{\mathcal{L}}} \Psi'$. Therefore, $\overline{\psi} =_{\lambda\Pi_{\mathcal{L}}} \Psi$. By Definition 3.20, a search tree of $\Sigma$ is a search tree of $(\Sigma)\!\downarrow_{\lambda\Pi_{\mathcal{L}}}$. □

5. Related Work and Summary. Automatic proof synthesis is at the basis of proof assistant systems. A complete method for the search of proof trees based on resolution and unification was formulated by Robinson [37] for first-order logic, and by Huet [21] for higher-order logic. In type systems, higher-order unification (HOU) algorithms are known for the simply-typed $\lambda$-calculus [22] and for the $\lambda\Pi$-calculus of dependent types [17, 35].

For  the  cube-type  systems,  Dowek  [12,  13]  reformulates  the  unification  procedure  and  generalizes  it  as 
a  method  of  term  enumeration.  Recently,  Cornes  [10]  proposed  an  extension  of  Dowek’s  method  to  the 
Calculus  of  Constructions  with  Inductive  Types. 

Dowek,  Hardin,  and  Kirchner  [15]  propose  a  first-order  presentation  of  Huet’s  HOU  algorithm  based  on 
explicit  substitutions  and  typed  meta- variables.  This  algorithm  is  generalized  to  solve  higher-order  equational 
unification  by  Kirchner  and  Ringeissen  [25],  and  restricted  to  the  case  of  higher-order  patterns  by  Dowek, 
Hardin,  Kirchner,  and  Pfenning  in  [16].  The  algorithm  for  pattern  unification  via  explicit  substitutions  has 
been  extended  (without  proof)  to  dependent  types,  and  implemented  in  the  Twelf  system  [34]. 

On the other hand, Briaud [7] shows how HOU can be considered as a typed narrowing in the $\lambda\sigma$-calculus of explicit substitutions. Magnusson [28] presents a unification algorithm in Martin-Löf's type theory with explicit substitutions. This algorithm solves first-order unification problems, but leaves the flexible-flexible constraints unsolved.

Our  main  contribution  is  the  presentation  of  Dowek’s  method  of  proof  synthesis  in  a  suitable  theory  with 
explicit  substitutions  and  meta- variables.  This  way,  proof-terms  can  be  built  incrementally  as  the  proofs  are 
done,  and  each  construction  step  is  guaranteed  by  the  type  system. 

Just as in [12, 13], the method presented here is sound and complete. Thus, it can be seen as a semi-algorithm for ground higher-order unification in $\lambda\Pi$ and the Calculus of Constructions. Although implementation issues are out of the scope of this paper, a preliminary version of our method has been implemented in OCaml, and it is electronically available by contacting the author.

The underlying theory of the method proposed here is the $\lambda\Pi_{\mathcal{L}}$-calculus. We believe that the same ideas can be applied to other formalisms satisfying at least the same typing properties as $\lambda\Pi_{\mathcal{L}}$, that is, confluence, weak normalization, subject reduction, and the instantiation lemma. The $\lambda\Pi_{\mathcal{L}}$-calculus has some features that are useful for our proof-synthesis method, and they seem to be useful in unification issues as well:

• It is a finite first-order rewriting system. In particular, some properties, such as soundness and completeness of the method, are much simpler to prove.

• It uses general composition of substitutions and simultaneous substitutions. In [33], we discuss efficiency improvements to the method based on these features.

• Since substitutions distribute under abstractions and products, normal forms have a simple characterization. For example, the normal form of a type has the form $\Pi A_1. \ldots \Pi A_n.A$ where $A$ is not a product.

Finally, notice that $\lambda\Pi_{\mathcal{L}}$ does not handle the $\eta$-rule. Extensional versions of explicit substitution calculi have been studied for ground terms [24]. However, work is necessary to understand the interaction with dependent types and meta-variables.